CVE Catalog

CVE-2026-45177

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request, potentially leading to a bypass of identity verification.

Risk Assessment

An attacker could gain unauthorized access to access tokens, posing a serious threat to the organization's data security.

Recommendation

It is recommended to upgrade to version 1.8 or later to mitigate this vulnerability and implement additional security measures to protect against unauthorized access.

Original NVD description (English source)

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20

Vulnerability data from NVD (NIST) · CISA KEV · EPSS