Aggregates CVE and security vulnerability intelligence across all cyberark-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2914 | CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs | [email protected] | 8.5 | 0.01% | 2026-02-25 | 2026-02-27 |
| CVE-2025-66374 | CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | [email protected] | 7.8 | 0.02% | 2026-02-03 | 2026-02-28 |
| CVE-2025-49831 | An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS ver | [email protected] | 9.1 | 0.51% | 2025-07-15 | 2025-11-04 |
| CVE-2025-49830 | Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server or to have the yaml parser include files on the server in the yaml that is processed as the policy loads. This issue affects Secrets Manager, Self- | [email protected] | 7.1 | 0.43% | 2025-07-15 | 2025-11-04 |
| CVE-2025-49829 | Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue. | [email protected] | 6.0 | 0.24% | 2025-07-15 | 2025-11-04 |
| CVE-2025-49828 | Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both | [email protected] | 8.6 | 0.80% | 2025-07-15 | 2025-11-04 |
| CVE-2025-49827 | Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipulate the headers signed by AWS can take advantage of a malformed regular expression to redirect the authentication validation request that Secrets Manager, Self-Hosted sends to AWS to a malicious server | [email protected] | 9.1 | 0.57% | 2025-07-15 | 2025-11-04 |
| CVE-2024-54840 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. | [email protected] | 4.2 | 0.02% | 2025-02-03 | 2025-03-14 |
| CVE-2024-42340 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | [email protected] | 8.3 | 0.08% | 2024-08-25 | 2024-08-30 |
| CVE-2024-42339 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | [email protected] | 4.3 | 0.11% | 2024-08-25 | 2024-08-30 |
| CVE-2024-42338 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | [email protected] | 4.3 | 0.11% | 2024-08-25 | 2024-08-30 |
| CVE-2024-42337 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | [email protected] | 4.3 | 0.15% | 2024-08-25 | 2024-08-30 |
| CVE-2017-11197 | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | [email protected] | 7.8 | 0.33% | 2023-05-03 | 2025-01-30 |
| CVE-2022-22700 | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. | [email protected] | 5.3 | 0.26% | 2022-03-03 | 2024-11-21 |
| CVE-2021-44049 | CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | [email protected] | 7.8 | 0.05% | 2022-01-15 | 2024-11-21 |
| CVE-2021-31798 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | [email protected] | 4.4 | 0.11% | 2021-09-02 | 2024-11-21 |
| CVE-2021-31796 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | [email protected] | 7.5 | 0.96% | 2021-09-02 | 2024-11-21 |
| CVE-2021-31797 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | [email protected] | 5.1 | 0.08% | 2021-09-02 | 2024-11-21 |
| CVE-2021-37151 | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discove | [email protected] | 5.3 | 0.23% | 2021-09-01 | 2024-11-21 |
| CVE-2020-25738 | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | [email protected] | 5.5 | 0.07% | 2020-11-27 | 2024-11-21 |