Role Editing Authorization Flaw in SailPoint IdentityIQ
CVE-2026-5712

8HIGH

Key Information:

Vendor: Sailpoint Technologies
Status: Identityiq
Vendor: CVE Published:; 29 April 2026

🔔 Create Sailpoint Technologies Vulnerability Alert

What is CVE-2026-5712?

A vulnerability in SailPoint's IdentityIQ allows authenticated users, who are either requestors or assignees of work items, to modify role definitions without the necessary permissions to do so. This flaw presents a significant risk as it may lead to unauthorized access or changes in role definitions, compromising both user security and overall system integrity.

Affected Version(s)

IdentityIQ 8.5

IdentityIQ 8.5 < 8.5p2

IdentityIQ 8.4 < 8.4p4

References

https://www.sailpoint.com/security-advisories/sailpoint-i...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 6, 2026

Credit

wildwildwes

CVE-2026-5712 Data

JSON