Executive Summary
An internal security review identified vulnerabilities in Netwrix Password Secure affecting both the desktop client and server components. Successful exploitation may allow an attacker to execute arbitrary code on the desktop client, potentially compromising the client and any credentials it holds, or an attacker with highly privileged local access to execute arbitrary code on the server.
While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Password Secure customers are advised to apply the available update immediately.
Vulnerability
| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Improper Input Validation | Netwrix Password Secure Server | <26.3.100 | 9.3 | 7.5 / 6.5 | Netwrix Password Secure does not perform sufficient validation of malformed requests. This may allow an attacker with highly privileged local access to execute arbitrary code on the server. |
| Improper Input Validation | Netwrix Password Secure Desktop Client | <26.3.100 | 9.0 | 8.3 / 7.2 | Netwrix Password Secure does not perform sufficient validation of malformed requests. This may allow an attacker to execute arbitrary code on the desktop client. |
| Improper Input Validation | Netwrix Password Secure Server | <26.3.100 | 7.1 | 6.5 / 5.7 | Netwrix Password Secure does not perform sufficient validation of malformed requests. This may allow an attacker to perform a denial of service against the server. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Improper Input Validation in Desktop Client | No | No | No |
| Improper Input Validation in Server | No | No | No |
Solution
All Netwrix Password Secure customers are advised to apply the available update immediately. This update is essential to remediating risk from the described vulnerability.
The update is available in the Netwrix Customer Portal. Instructions for applying the update can be found in the Netwrix Password Secure update documentation.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing an official fix for the vulnerability as indicated in the table below.
| Product | Release Version |
|---|---|
| Netwrix Password Secure | 26.3.100 |
FAQ
- How do I determine my current version of Netwrix Password Secure?
  Please refer to the Netwrix Password Secure update documentation for guidance on determining the current installed version and applying the update.
- Are there any actions required after installing the update?
  No additional actions are required beyond applying the update to version 26.3.100 or later.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 1 | 2026-03-19T12:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.