5 May 2026

CyberArk: CA26-15 / CA26-16 – Database Credentials Management Framework

Wednesday, May 5th, CyberArk released Security Bulletin CA26-15 and CA26-16.

CA26-15 involves a High severity issue that affects “Database Credentials Management Framework” marketplace Integration, all versions prior to version 20.1.5.

 

CA26-16 involves a High severity issue that affects “Database Credentials Management Framework” marketplace Integration, all versions prior to version 20.1.5.

The following CyberArk Security Bulletins provide information on the vulnerability, recommendations, and fix instructions:

CA26-15: https://www.cyberark.com/CA26-15

CA26-16: https://www.cyberark.com/CA26-16

 

Learn more by visiting https://www.cyberark.com/product-security.

21 April 2026

SailPoint – New Capability: Workflow Limit Update by License Tiers

What is happening?

Workflows is increasing its Acceptable Use Limits for Business, Business Plus, and Atlas Enterprise suites:

 

Note: The limit on steps per workflow is unchanged.

 

Standards and Foundations – No chance in limits

Business – increased to 50 enabled workflows from 25

Business Plus – increased to 200 enabled workflows from 100

Atlas Enterprise – increased to 300 enabled workflows from 200

 

When is this happening?

  • April 21st, 2026

 

Who is being impacted?

Business, Business Plus, and Atlas Enterprise customers.

 

Read Article

26 March 2026

CyberArk: CA26-14 – Prototype pollution in the Axios library

CyberArk have released Security Bulletin CA26-14 which describes Prototype pollution in the Axios library which is used by the PVWA servers in a self-hosted deployment.

Axios is a promise based HTTP client for the browser and Node.js that can be crashed causing complete denial of service. There is no temporary mitigation available for this, however, to CyberArk’s knowledge, this hasn’t been exploited in the wild.

 

Read Article

23 March 2026

CyberArk: Connect With Trusted RDP Files

SIA can now digitally sign RDP files with your organization’s own certificate, eliminating the “Unknown Publisher” security warnings that previously created friction and eroded user trust during vaulted, ZSP, and JIT RDP sessions. This means end users get a seamless, warning-free connection experience with confidence that RDP launches genuinely originate from a trusted source.

 

Read Article

1 2 3 10