ADV-2026-003 - Vulnerabilities in Netwrix PingCastle Enterprise and Pro Editions

Executive Summary

During an internal security review, multiple vulnerabilities were identified in Netwrix PingCastle Enterprise and Pro that could enable unauthorized access or actions under certain conditions. These issues include a CSRF flaw that may expose a sensitive report, a CSRF issue that allows sending the example email template to arbitrary recipients, and administrative password reset functionality that could allow a user from an external identity provider to be impersonated, affecting both authentication and audit attribution.

While Netwrix is unaware of any current exploitation of these vulnerabilities, Netwrix PingCastle Enterprise and Pro customers are advised to apply the available update as soon as possible.

Vulnerability

  1. Cross-Site Request Forgery (CSRF) in Reporting Email Functionality

    Affected Component: Netwrix PingCastle Enterprise & Pro
    Affected Versions: <3.5.0.33
    CVSS 4.0 Score: 6.1
    CVSS 3.1 Score (Base / Temporal): 6.5 / 6.2
    Description: A CSRF vulnerability could allow an attacker to trick an authenticated user into unintentionally requesting or disclosing a sensitive report, potentially exposing it to an unauthorized party.

  2. Cross-Site Request Forgery (CSRF) in Email Test Functionality

    Affected Component: Netwrix PingCastle Enterprise & Pro
    Affected Versions: <3.5.0.33
    CVSS 4.0 Score: 5.3
    CVSS 3.1 Score (Base / Temporal): 4.3 / 4.1
    Description: A CSRF vulnerability allows sending the example email template to arbitrary recipients, potentially resulting in mass emails.

  3. Improper Authentication in Password Reset Functionality

    Affected Component: Netwrix PingCastle Enterprise
    Affected Versions: <3.5.0.33
    CVSS 4.0 Score: 5.1
    CVSS 3.1 Score (Base / Temporal): 2.7 / 2.6
    Description: The password for a user sourced from an external identity provider may be reset, potentially enabling an attacker with Administrator privileges to act as this user while bypassing authentication against the external identity provider.

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

Title                                                               Publicly known?  Exploit available?  Actively exploited?
Cross-Site Request Forgery (CSRF) in Reporting Email Functionality  No               No                  No
Cross-Site Request Forgery (CSRF) in Email Test Functionality       No               No                  No
Improper Authentication in Password Reset Functionality             No               No                  No

Solution

All Netwrix PingCastle Enterprise and Pro customers are advised to update PingCastle Enterprise and Pro to version 3.5.0.33 or later as soon as possible.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.

Product                                Release Version
Netwrix PingCastle Enterprise and Pro  3.5.0.33

FAQ

  1. How do I determine the current version of Netwrix PingCastle?

    The current Netwrix PingCastle Enterprise and Pro version can be found by clicking the About link at the bottom of each page in Netwrix PingCastle Enterprise and Pro.

  2. Are Netwrix PingCastle Basic or Standard versions affected?

    No, only Netwrix PingCastle Enterprise or Pro is affected by the vulnerabilities listed above.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

Revision  Date                  Description
1         2026-02-03T13:00:00Z  First published
2         2026-02-03T13:00:00Z  Corrected version information

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an "as-is" basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.