Description
Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
Published: 2026-06-12
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to bypass TLS certificate validation under specific configuration scenarios, enabling the interception or manipulation of traffic between the Idira Privilege Cloud Connector and its server. This incomplete validation could lead to unauthorized access or data exposure. The weakness is identified as CWE‑295, which relates to improper validation of certificates or chains of trust.

Affected Systems

CyberArk Software’s PAM SH Connector, versions prior to 1.1.100504, are affected. The connector is part of the Idira Privilege Cloud Connector suite and may be deployed by organizations using this CyberArk product.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. The EPSS score is not available, so the likelihood of exploitation cannot be precisely quantified. Because the issue is not listed in the CISA KEV catalog, the vulnerability is not known to be actively exploited in the wild. The attack vector is inferred to involve a man‑in‑the‑middle or similar network-based exploitation due to the lack of full certificate validation.

Generated by OpenCVE AI on June 12, 2026 at 02:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PAM SH Connector to version 1.1.100504 or later where TLS certificate validation is fully enforced.
  • Validate that configuration settings force strict certificate verification and disable any options that allow self‑signed or untrusted certificates.
  • Review network traffic for signs of interception or unexpected TLS handshakes, and remediate any discovered anomalies.
  • Consult CyberArk’s Security Bulletin CA26‑17 for detailed guidance and any additional patches.

Generated by OpenCVE AI on June 12, 2026 at 02:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://docs.cyberark.com/ cve-icon cve-icon
History

Fri, 12 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Description Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
Title Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation
First Time appeared Cyberark Software A Palo Alto Networks Company
Cyberark Software A Palo Alto Networks Company pam Sh Connector
Weaknesses CWE-295
CPEs cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:pam_sh_connector:*:*:*:*:*:*:*:*
Vendors & Products Cyberark Software A Palo Alto Networks Company
Cyberark Software A Palo Alto Networks Company pam Sh Connector
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber'}

Subscriptions

Cyberark Software A Palo Alto Networks Company Pam Sh Connector
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2026-06-12T00:05:43.688Z

Reserved: 2026-05-08T23:00:57.503Z

Link: CVE-2026-45170

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-12T02:16:42.233

Modified: 2026-06-12T02:16:42.233

Link: CVE-2026-45170

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T02:30:11Z

Weaknesses
  • CWE-295

    Improper Certificate Validation