Improper Access Control in Idira Secrets Manager by CyberArk
CVE-2026-45177

9.1 CRITICAL

What is CVE-2026-45177?

Idira Secrets Manager SaaS Edge versions prior to 1.8 are vulnerable to improper access control within their internal authentication components. This vulnerability could allow a remote, unauthenticated attacker to craft specific requests that exploit weaknesses in the system. Under certain conditions, this manipulation could bypass the internal validation mechanisms, leading to unauthorized access and the potential acquisition of sensitive access tokens. Organizations using affected versions should take immediate action to mitigate the risk.

Affected Version(s)

Conjur Cloud (Edge Finding only) Idira Secrets Manager SaaS - Edge 1.0 < 1.8

CVSS V4

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.