Origin Validation Flaw in Idira Identity Browser Extension by CyberArk
CVE-2026-45173

8.4HIGH

What is CVE-2026-45173?

The Idira Identity Browser Extension, available for Chrome, Firefox, and Edge, contains an origin validation flaw that affects versions prior to 26.8.1. This vulnerability allows a malicious attacker to potentially exploit authenticated sessions by directing users to specially crafted web pages. If an authenticated user interacts with such pages, the attacker could manipulate application interactions or execution parameters, compromising the security of the user's browser session.

Affected Version(s)

Identity Browser Extensions Firefox 26.0.0 < 26.8.1

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
.