PT-2026-20542 · Delinea · Delinea Cloud Suite+2
Dawid Dudek
·
Published
2026-02-18
·
Updated
2026-02-19
·
CVE-2025-12811
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Delinea Cloud Suite and Privileged Access Service versions prior to 2023.1 (agent 6.0.1)
Delinea Server Suite versions 2022.1.10 (agent version 5.9.1-337) and 2023.0.5 (agent version 6.0.0-158)
Description
The software suffers from an Improper Inconsistent Interpretation of HTTP Requests, also known as HTTP Request Smuggling. This issue affects Delinea Cloud Suite and Privileged Access Service.
Recommendations
Upgrade to Delinea Server Suite 2023.1 (agent 6.0.1) or later.
Upgrade to Delinea Server Suite release 2023.0.5 (agent version 6.0.0-158).
Upgrade to Delinea Server Suite release 2022.1.10 (agent version 5.9.1-337).
Fix
HTTP Request/Response Smuggling
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Delinea Cloud Suite
Delinea Server Suite
Privileged Access Service