We would like to provide clarification regarding CVE-2026-31431, CVE-2026-43500, and CVE-2026-43284. These vulnerabilities do not introduce additional risk to RSA Authentication Manager.
The reported exploits require access by a local user already authenticated to the operating system. In the context of RSA Authentication Manager, this would correspond to the appliance administrator account (e.g., rsaadmin). This account already has the capability to elevate privileges to root level using standard administrative commands such as:
sudo su
Therefore, exploiting these vulnerabilities does not grant capabilities beyond what is already inherently available to an authenticated appliance administrator.
The exploit would only allow a locally authenticated user to gain root privileges. Since the rsaadmin account can already obtain root access through supported administrative methods, this CVE does not create any additional security exposure for Authentication Manager.
Once SUSE releases an official fix for the affected kernel components, the remediation will be incorporated into the RSA Authentication Manager patch release AM 8.9 P2.
Based on this assessment, CVE-2026-31431, CVE-2026-43500, and CVE-2026-43284 do not represent an increased security risk for RSA Authentication Manager deployments.
As for Identity Router, please reference the following RSA Advisory for additional information regarding CVE-2026-31431 and related updates:
https://community.rsa.com/s/article/RSA-2026-07-RSA-Identity-Router-Security-Update-for-Third-Party-Component-Vulnerabilities
Vlastimil,
CVE-2026-31431 was asked about 1.5 weeks ago and has some super good comments.
To summarize, 8.9 P2 contains the fix and is targeted for EOM.
https://community.rsa.com/s/question/0D5PO00000vkrbb0AA/is-it-known-when-cve202631431-will-be-patched-for-for-which-rsa-am-versions-it-would-be-applied-to?fromEmail=1&s1oid=00D70000000IwPy&s1nid=0DB4u000000sYYP&s1uid=0054u000009MciQ&s1ext=0&emkind=chatterPostNotification&emtm=1778180430657&OpenCommentForEdit=1