CVE-2025-12811

Feb. 19, 2026, 3:53 p.m.

6.9
Medium

Description

Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: * Server Suite release 2023.0.5 (agent version 6.0.0-158) * Server Suite release 2022.1.10 (agent version 5.9.1-337)

Product(s) Impacted

Vendor Product Versions
Delinea
  • Cloud Suite
  • Privileged Access Service
  • Server Suite
  • 2023.0.5-2023.1
  • *
  • 2023.0.5-2023.1, 2022.1.10

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a delinea cloud_suite 2023.0.5-2023.1 / / / / / / /
a delinea privileged_access_service / / / / / / / /
a delinea server_suite 2023.0.5-2023.1 / / / / / / /
a delinea server_suite 2022.1.10 / / / / / / /

References

https://docs.delinea.com/online-help/cloud-suite/release-notes/cloud-suite/25.1.htm#Resolved2
https://trust.delinea.com/?tcuUid=d512dd6a-fa40-421c-ac11-1be280b1cb83

Tags

CWE-444
1443cd92-d354-46d2-9290-d812316ca43a
2026-02-18
CVE-2025-12811

CVSS Score

6.9 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Feb. 18, 2026, 11:16 p.m.
Last Modified: Feb. 19, 2026, 3:53 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

1443cd92-d354-46d2-9290-d812316ca43a

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.