Trust Center


Security is built into our bones

Delinea’s Privileged Access Management solutions are built with security as a foundation from the start. We adhere to industry standards and frameworks, and ensure security testing is performed as a critical component of our software development processes along with continuous Quality Assurance (QA) checks.

Our cybersecurity defense measures address key components, including intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, machine learning, and a Security Operations Center. We also monitor and protect against critical web application security risks, incorporating the OWASP Top 10 and Automated Top 20 threats.

Encryption assured for data in transit and at rest

Customer data is fully isolated and encrypted both in transit and at rest, using the AES-256 standard encryption algorithm and PBKDF2-HMAC-SHA256 hashing algorithm. Delinea uses private encryption keys for each customer, with third-party key management support (AWS KMS). Secrets are systematically “salted” before being hashed and encrypted with their own unique Initialization Vector and Key.

Connections to Delinea cloud services are protected via Transport Layer Security (TLS). Distributed Engine communications are also secured with an additional encryption key unique to each tenant.

Documents

Compliance: ISO 27001
Data Processing Addendum (DPA)
EU – US Data Privacy Framework (DPF)
Privacy Policy
Trust Center Updates

Notice regarding the recent geopolitical development between India and Pakistan

General

Delinea is tracking the recent escalation between India and Pakistan and would like to assure our customers that our solutions and service offerings aren't impacted. We continue to monitor the situation and will provide further updates if our assessment changes.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the Delinea Trust Center for future security and other important announcements.

Delinea's analysis of critical Erlang/OTP SSH Server implementation vulnerability (CVE-2025-32433)

Vulnerabilities

Delinea has analyzed the critical Erlang/OTP SSH Server implementation vulnerability (CVE-2025-32433) and has determined that none of its products are impacted as they do not use or enable the Erlang SSH server by default.

Customers have the ability to manually enable the Erlang SSH component in Delinea Secret Server (on-prem), the Delinea RabbitMQ Helper, and associated installations of RabbitMQ, in which case this vulnerability might pose a risk. To address the potential risk, customers are advised to either:

  • Upgrade Erlang/OTP to one of the patched versions (27.3.3, 26.2.5.11, or 25.3.2.20)
  • Disable the Erlang built-in SSH Server
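
A check for the first option, as an added example that is not Delinea's code: it compares an installed Erlang/OTP version string (for example the contents of the installation's `OTP_VERSION` file) with the patched release of the same major branch listed above. The function names, result labels and sample inventory are assumptions made for this example.

```python
import re

# Patched releases named in the advisory above, keyed by OTP major version.
PATCHED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}


def parse_otp_version(text):
    """Turn an OTP version string such as '26.2.5.11' into a tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognized OTP version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def assess(version_text):
    """Return 'patched', 'needs-upgrade' or 'not-listed' for one version.

    The comparison is made only against the fix for the same major branch:
    27.0 sorts above 26.2.5.11 numerically but is still below 27.3.3.
    """
    version = parse_otp_version(version_text)
    fixed = PATCHED.get(version[0])
    if fixed is None:
        # The advisory names no patched release for this branch.
        return "not-listed"
    # Pad with zeros so that 27.3.3 and 27.3.3.0 compare as equal.
    width = max(len(version), len(fixed))
    padded = version + (0,) * (width - len(version))
    target = fixed + (0,) * (width - len(fixed))
    return "patched" if padded >= target else "needs-upgrade"


# Constructed inventory for illustration (host name -> reported OTP version).
INVENTORY = {
    "rabbitmq-01": "26.2.5.11",
    "rabbitmq-02": "27.0",
    "rabbitmq-03": "25.3.2.19",
    "rabbitmq-04": "24.3.4.17",
}

if __name__ == "__main__":
    for host, version in INVENTORY.items():
        print(f"{host}: OTP {version} -> {assess(version)}")
```

A `not-listed` result means the advisory above gives no patched version for that branch, so the host needs separate review rather than being treated as safe.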

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the Delinea Trust Center for future security and other important announcements.

Critical Kubernetes ‘IngressNightmare’ Vulnerabilities Notification

Vulnerabilities

Delinea has reviewed the critical Kubernetes vulnerabilities that were disclosed on March 25, 2025 (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974), and has determined that they’re applicable to the Delinea Platform and Secret Server Cloud offerings. The Kubernetes clusters for both offerings do not have internet-facing admission controllers and could not have been exploited without internal access. Delinea has promptly patched and successfully tested both product offerings and, out of an abundance of caution, has examined all recent activity and determined that there are no indicators of compromise. Delinea will continue to monitor the service offerings in question and provide communication updates if new material information comes to light.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the Delinea Trust Center for future security and other important announcements.

Disclosure of CVE-2024-12908

Vulnerabilities

During a customer test of Secret Server, a third party discovered vulnerabilities in the protocol handler function, which are now disclosed in CVE-2024-12908.

The third party approached Delinea with their findings, and in collaboration with Delinea's Development and Security staff, Delinea created a remediation plan in accordance with our responsible disclosure policy.

The vulnerability existed in the Secret Server protocol handler, where URIs were compared before normalization and canonicalization. This potentially led to cases of over-matching against the approved list.
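
The general bug class described above, as an added example that is not Secret Server code and does not reproduce the product's handler: a raw string comparison against an approved list, next to a check that canonicalizes both sides first. The approved entry, host name and function names are constructed for this illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed approved list for this example (not a Delinea value).
APPROVED = ["https://vault.example.com/launch/"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def naive_is_approved(uri):
    """Flawed pattern: raw prefix comparison before any normalization."""
    return any(uri.startswith(entry) for entry in APPROVED)


def canonicalize(uri):
    """Reduce a URI to (scheme, host, port, path) in one canonical form."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)  # bad port raises ValueError
    path = unquote(parts.path or "/")
    if unquote(path) != path:
        raise ValueError("path is percent-encoded more than once")
    # Resolve "." and ".." segments and collapse duplicate slashes.
    path = "/" + posixpath.normpath(path).lstrip("/")
    return scheme, host, port, path


def is_approved(uri):
    """Canonicalize both sides, then compare component by component."""
    try:
        scheme, host, port, path = canonicalize(uri)
    except ValueError:
        return False
    for entry in APPROVED:
        e_scheme, e_host, e_port, e_path = canonicalize(entry)
        same_origin = (scheme, host, port) == (e_scheme, e_host, e_port)
        under_path = path == e_path or path.startswith(e_path.rstrip("/") + "/")
        if same_origin and under_path:
            return True
    return False


# Constructed inputs: the second and third only look like they sit under /launch/.
SAMPLES = [
    "https://vault.example.com/launch/session?id=1",
    "https://vault.example.com/launch/../admin",
    "https://vault.example.com/launch/%2e%2e/admin",
    "HTTPS://VAULT.EXAMPLE.COM:443/launch/session",
]
```

The raw comparison accepts the second and third samples although their canonical path is `/admin`, and it rejects the fourth, which is an equivalent spelling of an approved location.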

Delinea patched the SaaS instance on October 9, 2024 and released a patch for the on-premises version on November 26, 2024. The time between those release dates and publishing the CVE allows for customers to upgrade before going live with the disclosure.

If operators of this software have not yet installed version 11.7.49, which remediates the vulnerability, they should do so at their earliest convenience.

Disclosure of CVE-2024-52926

Vulnerabilities

During a customer test of Privilege Manager, a third party discovered vulnerabilities in the application, which are now disclosed in CVE-2024-52926.

The third party approached Delinea with their findings, and in collaboration with Delinea's Development and Security staff, Delinea created a remediation plan in accordance with our responsible disclosure policy.

The vulnerability existed in the Privilege Manager Agent where a non-administrative user could escalate their rights if Privilege Manager had previously elevated a process in that user’s session.

Delinea patched the SaaS instance on September 28, 2024 and released a patch for the on-premises version on October 11, 2024. The time between those release dates and publishing the CVE allows for customers to upgrade before going live with the disclosure.

If operators of this software have not yet installed version 12.0.2153, which remediates the vulnerability, they should do so at their earliest convenience.

If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.