Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism
CVE-2026-45177

9.1CRITICAL

Key Information:

Vendor: Cyberark Software, A Palo Alto Networks Company
Status: Conjur Cloud (edge Finding Only)
Vendor: CVE Published:; 11 June 2026

🔔 Create Cyberark Software, A Palo Alto Networks Company Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-45177?

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20

Affected Version(s)

Conjur Cloud (Edge Finding only) Idira Secrets Manager Saas - Edge 1.0 < 1.8

References

https://docs.cyberark.com/secrets-manager-saas/latest/en/...

vendor-advisory

CVSS V4

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 11, 2026
Vulnerability published
Jun 11, 2026
Vulnerability Reserved
May 8, 2026

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue

CVE-2026-45177 Data

JSON