Improper Access Control in Idira Secrets Manager by CyberArk
CVE-2026-45177
9.1CRITICAL
Key Information:
- Vendor
- CVE Published:
- 11 June 2026
Badges
👾 Exploit Exists
What is CVE-2026-45177?
Idira Secrets Manager SaaS Edge versions prior to 1.8 are vulnerable to improper access control within their internal authentication components. This vulnerability could allow a remote, unauthenticated attacker to craft specific requests that exploit weaknesses in the system. Under certain conditions, this manipulation could bypass the internal validation mechanisms, leading to unauthorized access and the potential acquisition of sensitive access tokens. Organizations using affected versions should take immediate action to mitigate the risk.
Affected Version(s)
Conjur Cloud (Edge Finding only) Idira Secrets Manager Saas - Edge 1.0 < 1.8
References
CVSS V4
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
