CVE-2026-45173
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
The Idira Identity Browser extension for Chrome, Firefox, and Edge versions prior to 26.8.1 has an origin validation flaw in its internal web-page verification routines. An authenticated user navigating to a specially crafted webpage could allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session.
Risk Assessment
The organization may be exposed to unauthorized actions within the application, potentially leading to data leakage or system integrity breaches. An attacker could exploit this vulnerability to take control of the user's session.
Recommendation
It is recommended to update the Idira Identity Browser extension to version 26.8.1 or later to mitigate this vulnerability. Additionally, monitoring user activity for potential attack attempts is advised.
Original NVD description (English source)
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21

