CVE-2019-7442

CRITICAL

CyberArk Enterprise Password Vault <=10.7 - XXE


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7442, a PoC published by Marcelo Toran.

AI-analyzed exploit summary: This exploit demonstrates an XXE injection vulnerability in CyberArk's Password Vault Web Access (PVWA) SAML authentication. It allows remote attackers to read arbitrary files from the server by crafting a malicious DTD and SAML response.

Description

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

Exploits (1)

exploitdb · WORKING POC
by Marcelo Toran · text · webapps · multiple
https://www.exploit-db.com/exploits/46828

Classification
Working PoC: 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: CyberArk Enterprise Password Vault <=10.7
Authentication: No auth needed
Prerequisites: Access to the target's SAML endpoint · Ability to host a malicious DTD on an external server
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.4001
EPSS Percentile: 98.4%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-611
Status: published
Products (1): cyberark/enterprise_password_vault < 10.7
Published: May 08, 2019
Tracked Since: Feb 18, 2026