Skip to main content

PowerManage 4.20.14

ยท One min read
Dmytro Dudnyk
Dmytro Dudnyk
L3 Technical Support | Team Lead
Vadym Haidamaka
Vadym Haidamaka
Senior DevOps Engineer | Team Lead
Immediate action required

This release addresses critical security vulnerabilities. All four vulnerabilities are local privilege escalation or remote exploitation flaws.

We strongly recommend scheduling upgrades to the patched version as soon as possible. Unpatched systems should be treated as at-risk.

Patched vulnerabilitiesโ€‹

  • [LPE] Copy Fail CVE-2026-31431
  • [LPE] Dirty Frag CVE-2026-43284
  • [LPE] Fragnesia CVE-2026-46300
  • [SSH] ssh-keysign-pwn CVE-2026-46333

Upgrade guidanceโ€‹

Schedule maintenance windows at the earliest opportunity. Three of these flaws allow local privilege escalation โ€” any unprivileged process or user on an affected host may gain root. Treat upgrade scheduling as high priority.

Officially allowed upgrade pathsโ€‹

tip

If you are running a version not listed below, upgrade to the nearest supported base version first.

  1. PowerManage 4.18.23 -> 4.20.14
  2. PowerManage 4.20.13.1 -> 4.20.14
info

Both incremental upgrade and backup/restore procedures have been tested and verified for these paths.

Clean installation of PowerManage 4.20.14 is also supported.