CA26-02 & CA26-03: High Severity Vulnerabilities in Central Password Management
CyberArk has disclosed high severity vulnerabilities affecting Central Password Management in both self-hosted deployments (versions prior to 14.6.3) and Privilege Cloud environments (versions prior to 14.8). Customers should review the security bulletins (CA26-02, CA26-03) to understand their exposure and apply the recommended fixes as soon as possible.
SIA: Support for named instance connections in vaulted SQL Server targets
Secure Infrastructure Access (SIA) now supports connecting to specific SQL Server named instances by specifying the port and instance name when using vaulted credentials. Since enterprises commonly run multiple SQL instances on a single host, this closes a gap that previously made SIA impractical for complex database environments.
SIA: On-premises Windows connections to IP-based targets using ZSP
Secure Infrastructure Access (SIA) now allows users to establish RDP connections to on-prem Windows targets by IP address while maintaining Zero Standing Privileges. This is particularly useful for environments where DNS infrastructure or FQDNs aren’t available, removing a common deployment blocker for extending ZSP coverage across legacy or segmented networks.
ZSP for Entra groups is now available
ZSP for Entra Groups allows for dynamic and temporary assignment of users to Entra groups within your Microsoft Entra ID directories. This means users can be granted access to specific M365 services or applications only when they need it, and for a limited time, without the need to manage the different roles in the ZSP policy.
“Secure Cloud Access and it’s new Zero Standing Privilege (ZSP) feature for Entra Groups allows for dynamic and temporary assignment of users to Entra groups within Microsoft Entra ID directories. This means users can be granted access to specific M365 services or applications only when they need it, and for a limited time, without the need to manage the different roles in the ZSP policy.”
