Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure
CVE-2026-45173

8.4 HIGH

What is CVE-2026-45173?

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 contain an origin validation flaw in the extension's internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, a remote attacker could potentially trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session.

CyberArk Security Bulletin: CA26-21

Affected Version(s)

Identity Browser Extensions Firefox 26.0.0 < 26.8.1

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.