Security Advisory: Klue Vulnerability Incident

Trust Center


Delinea's cloud-native identity security platform serves as the central control plane for managing access across human, machine, third-party, and AI identities. By continuously discovering identities, assessing risk, and enforcing least-privilege access in real time, Delinea transforms identity from an organization's greatest vulnerability into its strongest line of defense.

Security is built into everything we do. Delinea maintains a comprehensive Information Security Program aligned to industry-recognized frameworks and designed to protect the confidentiality, integrity, and availability of our systems and customer data. Delinea implements a robust security program that embeds security controls and continuous quality assurance at every stage of the development lifecycle. The safeguards encompass intrusion detection, DDoS prevention, vulnerability management, behavioral analytics, continuous monitoring, cryptographic protections, network security, and configuration management, ensuring our platform remains resilient against evolving threats.

Documents

2026 CAIQ
Trust Center Updates

Security Advisory: Klue Vulnerability Incident

Vulnerabilities

Delinea does not use the Klue market intelligence platform and has no integrations with it; therefore, Delinea is not impacted by the Klue incident disclosed on June 12, 2026.

Please subscribe to the Delinea Trust Center for future security and other important announcements.

Notice regarding the recent geopolitical developments in the Middle East

General

Delinea is aware of the current situation in the Middle East and the associated escalation in cyber threat activity targeting technology sector infrastructure. Delinea does not own or operate data centers in the impacted regions but does deliver services via third-party cloud infrastructure providers that might be impacted based on the current threat landscape.

To date, Delinea services in the region have not been impacted, and we continue to actively monitor the situation. Further updates will be provided if and as soon as our impact assessment changes.

If you have further questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the Delinea Trust Center for future security and other important announcements.

Delinea Cloud Suite on-prem argument injection vulnerability - CVE-2026-2409

Vulnerabilities

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.

Affected Product and Version

Cloud Suite before 25.2 HF1

Resolution

Upgrade to Cloud Suite version 25.2 HF1 or later

CVE Details

  • CVE ID: CVE-2026-2409
  • Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE: 89
  • CVSS v4.0 Score: 9.3
  • CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
  • Credit: Jess Parker (Reporter), Radu Enachi (Reporter)
  • References: Release Notes

Delinea Cloud Suite and Privileged Access Service – HTTP Request Smuggling vulnerability - CVE-2025-12811

Vulnerabilities

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service.

If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. If you cannot upgrade to Release 2023.1 (agent version 6.0.1) or later, you can choose one of the following versions: Server Suite release 2023.0.5 (agent version 6.0.0-158), or Server Suite release 2022.1.10 (agent version 5.9.1-337).

Affected Product and Version

Delinea Cloud Suite and Privileged Access Service version 25.1 HF4 and earlier

Resolution

Upgrade to version 25.1 HF5 or later

CVE Details

  • CVE ID: CVE-2025-12811
  • Published Date: February 18, 2026
  • Vulnerability Type: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
  • CWE: 444
  • CVSS v4.0 Score: 6.9
  • CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Delinea Cloud Suite and Privileged Access Service – SQL Injection vulnerability - CVE-2025-12812

Vulnerabilities

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service.

Remediation: This issue is fixed in Cloud Suite 25.1.

Affected Product and Version

Delinea Cloud Suite and Privileged Access Service version 23.1.2 and earlier

Resolution

Upgrade to Cloud Suite version 25.1 or later

CVE Details

  • CVE ID: CVE-2025-12812
  • Published Date: February 18, 2026
  • Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE: 89
  • CVSS v4.0 Score: 5.3
  • CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N