Origin Validation Flaw in Idira Identity Browser Extension by CyberArk
CVE-2026-45173
8.4HIGH
Key Information:
- Vendor
- CVE Published:
- 11 June 2026
Badges
👾 Exploit Exists
What is CVE-2026-45173?
The Idira Identity Browser Extension, available for Chrome, Firefox, and Edge, contains an origin validation flaw that affects versions prior to 26.8.1. This vulnerability allows a malicious attacker to potentially exploit authenticated sessions by directing users to specially crafted web pages. If an authenticated user interacts with such pages, the attacker could manipulate application interactions or execution parameters, compromising the security of the user's browser session.
Affected Version(s)
Identity Browser Extensions Firefox 26.0.0 < 26.8.1
References
CVSS V4
Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
