Platform
windows
Component
pam-propagation-winrm-connections
Fixed in
2026.1
CVE-2026-4434 describes an improper certificate validation vulnerability within the PAM propagation WinRM connections feature. This flaw allows a network attacker to conduct a man-in-the-middle (MITM) attack by exploiting disabled TLS certificate verification. The vulnerability impacts versions 0 through 2026.1 and has been resolved in version 2026.1.
The core impact of CVE-2026-4434 lies in the potential for a network-based MITM attack. An attacker positioned between a client and the server can intercept and potentially modify WinRM traffic without detection. This could lead to unauthorized access, data exfiltration, or even the execution of malicious commands on the target system. The lack of proper certificate validation means the client will accept a forged certificate, effectively bypassing security controls. This is particularly concerning in environments where WinRM is used for remote management or automation, as an attacker could gain control of critical systems.
CVE-2026-4434 was publicly disclosed on March 20, 2026. The EPSS score is pending evaluation. No public proof-of-concept (PoC) exploits are currently known. It is not listed on the CISA KEV catalog at the time of this writing.
Organizations heavily reliant on WinRM for remote management and automation are particularly at risk. Environments with legacy configurations that disable certificate validation or lack proper network segmentation are also vulnerable. Shared hosting environments where multiple users share the same server infrastructure should be carefully assessed.
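• windows / supply-chain:
# Failed logons (event 4625) whose first property mentions WinRM
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -match 'WinRM' }
• windows / supply-chain:
# Scheduled tasks whose action executable mentions WinRM
Get-ScheduledTask | Where-Object { $_.Actions.Execute -match 'WinRM' }
• windows / supply-chain:
# Running processes whose image path mentions WinRM
Get-Process | Where-Object { $_.Path -match 'WinRM' }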
Exploit status
EPSS
0.03% (7th percentile)
The primary mitigation for CVE-2026-4434 is to upgrade to version 2026.1 or later, which includes improved TLS certificate verification. If upgrading is not immediately feasible, consider implementing stricter network segmentation to limit potential attacker access. Review WinRM configurations to ensure TLS is enforced and certificate pinning is enabled where possible. Monitor WinRM traffic for suspicious activity and consider implementing a Web Application Firewall (WAF) to filter malicious requests. While a direct detection signature is difficult without specific IOCs, monitor for unusual certificate chains or unexpected WinRM connections.
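As an aid to the configuration review described above, the following added example (not code from the vendor or from the original page) parses PowerShell automation with the language parser and reports WinRM session options that switch off certificate checks, plus remote sessions opened without -UseSSL. The function name Find-WeakWinRmOption and the sample script are hypothetical; only full parameter names are matched, so abbreviated parameters, aliases and splatting are not resolved.

```powershell
# Added example, not vendor code. Find-WeakWinRmOption and $sample are hypothetical names.
function Find-WeakWinRmOption {
    param([Parameter(Mandatory)][string] $ScriptText)

    $tokens = $null; $parseErrors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$parseErrors)

    $skipChecks = 'SkipCACheck', 'SkipCNCheck', 'SkipRevocationCheck'
    $remoting   = 'New-PSSession', 'Enter-PSSession', 'Invoke-Command'

    $commands = $ast.FindAll(
        { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($cmd in $commands) {
        $name = $cmd.GetCommandName()
        # Parameters that are present and not explicitly turned off with -Name:$false
        $params = @($cmd.CommandElements |
            Where-Object { $_ -is [System.Management.Automation.Language.CommandParameterAst] } |
            Where-Object { -not $_.Argument -or $_.Argument.Extent.Text -ne '$false' } |
            ForEach-Object { $_.ParameterName })

        $issues = @()
        if ($name -eq 'New-PSSessionOption') {
            $issues += @($params | Where-Object { $_ -in $skipChecks } |
                ForEach-Object { "certificate check disabled: -$_" })
        }
        # Remote (not local) invocation that never asks for the HTTPS listener
        if ($name -in $remoting -and 'ComputerName' -in $params -and 'UseSSL' -notin $params) {
            $issues += 'remote session without -UseSSL'
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Line = $cmd.Extent.StartLineNumber; Command = $name; Issue = $issue }
        }
    }
}

# Constructed sample input (hosts under example.test are placeholders)
$sample = @'
$opt = New-PSSessionOption -SkipCACheck -SkipCNCheck
Invoke-Command -ComputerName srv01.example.test -UseSSL -SessionOption $opt -ScriptBlock { hostname }
Enter-PSSession -ComputerName srv02.example.test
$ok = New-PSSessionOption -SkipRevocationCheck:$false
'@

Find-WeakWinRmOption -ScriptText $sample | Format-Table -AutoSize
```

Line 2 of the sample uses TLS but inherits the unchecked session option from line 1, which is the same class of weakness the CVE describes: an encrypted channel whose peer certificate is never verified.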
Update Devolutions Server to version 2026.1 or later. This fixes the improper certificate validation and prevents man-in-the-middle attacks. The update addresses the disabled TLS certificate verification.
CVE-2026-4434 is a vulnerability in PAM propagation WinRM connections that allows a network attacker to perform a man-in-the-middle attack due to improper certificate validation.
If you are using PAM propagation WinRM connections in versions 0 through 2026.1, you are potentially affected by this vulnerability.
Upgrade to version 2026.1 or later to resolve the vulnerability. If upgrading is not possible, implement stricter network segmentation and review WinRM configurations.
As of the current assessment, there are no confirmed reports of active exploitation of CVE-2026-4434.
Refer to the official PAM documentation and security advisories for detailed information and updates regarding CVE-2026-4434.