Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Cyberark
Endpoint Privilege Manager

cyberark endpoint privilege manager Vulnerabilities: CVEs, CISA KEV & Security Advisories

13 CVEs

cyberark endpoint privilege manager Vulnerabilities

CVE security advisories and vulnerability history for endpoint privilege manager by cyberark.

13

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

2

Public exploits

With known exploit

6.3

Avg CVSS

2018–2026

Last updated February 25, 2026

Overview

cyberark endpoint privilege manager has 13 published CVE records since 2018, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 6.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting cyberark endpoint privilege manager, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include SaaS.

Severity and exploitation

How the CVSS severity of cyberark endpoint privilege manager's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High3

Medium1

Low2

6 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of cyberark endpoint privilege manager's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2

2 of cyberark endpoint privilege manager's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every cyberark endpoint privilege manager version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

10.71 CVE
11.5.4.3551 CVE
11.5.4.5001 CVE
25.11.01 CVE

Find a version

13 CVEs

Sort

High vulnerability · 2026-02-25
CVE-2026-2914
Patch
CWE-269
High · CVSS 8.5
EPSS 0.0% (1th pct)2026-02-25
High vulnerability · 2026-02-03
CVE-2025-66374CWE-269
High · CVSS 7.8
EPSS 0.0% (1th pct)2026-02-03
HTML injection in CyberArk Endpoint Privilege Manager
CVE-2025-22274CWE-80
Low · CVSS 2.0
EPSS 0.2% (35th pct)2025-02-28
Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
CVE-2025-22273CWE-770
Critical · CVSS 9.3
EPSS 0.2% (38th pct)2025-02-28
Self Reflected XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22272CWE-79
Low · CVSS 2.1
EPSS 0.2% (39th pct)2025-02-28
IP Spoofing in CyberArk Endpoint Privilege Manager
CVE-2025-22271CWE-290
Medium · CVSS 6.9
EPSS 0.1% (32th pct)2025-02-28
Stored XSS in CyberArk Endpoint Privilege Manager
CVE-2025-22270CWE-79
High · CVSS 7.3
EPSS 0.2% (38th pct)2025-02-28
Vulnerability · 2022-01-15
CVE-2021-44049
Patch
Unscored
EPSS 0.1% (17th pct)2022-01-15
Vulnerability · 2020-11-27
CVE-2020-25738
Unscored
EPSS 0.1% (19th pct)2020-11-27
Vulnerability · 2019-04-09
CVE-2018-14894
Public exploit
Unscored
EPSS 0.2% (38th pct)2019-04-09
Vulnerability · 2019-03-08
CVE-2019-9627
Patch
Unscored
EPSS 0.2% (36th pct)2019-03-08
Vulnerability · 2018-07-05
CVE-2018-13052
Unscored
EPSS 0.4% (62th pct)2018-07-05
Vulnerability · 2018-06-26
CVE-2018-12903
Public exploit
Unscored
EPSS 0.3% (52th pct)2018-06-26

Common weakness types

The CWE weakness categories most often found in cyberark endpoint privilege manager CVEs. Follow any weakness for its full explanation.

CWE-269Improper Privilege Management2 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
CWE-290Authentication Bypass by Spoofing1 CVE
CWE-770Allocation of Resources Without Limits or Throttling1 CVE
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)1 CVE

Disclosure activity by year

How many cyberark endpoint privilege manager CVEs were published each year.

2018

2

2019

2

2020

1

2022

1

2025

5

2026

2

Other cyberark products

Browse vulnerabilities for other products by cyberark.

identity6 CVEs conjur5 CVEs CyberArk Identity Management4 CVEs credential provider3 CVEs Secrets Manager, Self-Hosted3 CVEs conjur OSS2 CVEs password vault2 CVEs Privileged Access Manager2 CVEs

All cyberark vulnerabilities

Frequently asked questions

Common questions about cyberark endpoint privilege manager vulnerabilities.

How many CVEs does cyberark endpoint privilege manager have?

cyberark endpoint privilege manager has 13 published CVE records since 2018.

How many cyberark endpoint privilege manager CVEs are in CISA KEV?

None of cyberark endpoint privilege manager's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for cyberark endpoint privilege manager vulnerabilities?

Yes — 2 of cyberark endpoint privilege manager's CVEs have a known public exploit.

Which versions of cyberark endpoint privilege manager are affected?

4 distinct cyberark endpoint privilege manager versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in cyberark endpoint privilege manager CVEs?

cyberark endpoint privilege manager's CVEs most often map to these CWE weakness types: CWE-269 (Improper Privilege Management), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-290 (Authentication Bypass by Spoofing), CWE-770 (Allocation of Resources Without Limits or Throttling).

How many critical cyberark endpoint privilege manager vulnerabilities are there?

cyberark endpoint privilege manager has 1 critical and 3 high-severity CVEs.

What is the average severity of cyberark endpoint privilege manager CVEs?

The average CVSS base score across cyberark endpoint privilege manager's scored CVEs is 6.3.

References

All cyberark vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track cyberark endpoint privilege manager vulnerabilities

Monitor new cyberark endpoint privilege manager vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References