Improper Access Control in Idira Secrets Manager by CyberArk
CVE-2026-45178
Key Information:
- Status
- Vendor
- CVE Published:
- 11 June 2026
Badges
What is CVE-2026-45178?
The Idira Secrets Manager Self-Hosted versions 13.8.0 and earlier are vulnerable to improper access controls within internal cluster endpoints. This flaw allows remote, authenticated users with standard node-level credentials to exploit these endpoints, potentially enabling unauthorized access to sensitive secrets or causing a denial of service (DoS). Organizations utilizing these versions should update to a secure version immediately to mitigate the risks associated with this vulnerability.
Affected Version(s)
Conjur Enterprise Central Credential Provider (CCP) 14.0 < 14.2.6
Conjur Enterprise Credential Provider (CP) 14.0 < 14.2.6
Conjur Enterprise Idira Secrets Manager 13.0 < 13.8.1
References
CVSS V4
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
