CVE-2026-45177
Published 2026-06-11
Priority P271 · critical · 9.1 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.50% (39.2th percentile)
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberark_software_a_palo_alto_networks_company | conjur_cloud | >= 1.0 < 1.8 | 1.8 |
| paloaltonetworks | idira_secrets_manager_edge | < 1.8 | 1.8 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v4.0 | 9.1 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber |
VulDB
CyberArk Conjur Cloud up to 1.7 access control (EUVD-2026-36289)
vuldb·2026-06-11·CVSS 9.1
CVE-2026-45177 [CRITICAL] CyberArk Conjur Cloud up to 1.7 access control (EUVD-2026-36289)
A vulnerability has been found in CyberArk Conjur Cloud up to 1.7 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls.
This vulnerability is referenced as CVE-2026-45177. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
GHSA
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components.
ghsa_unreviewed·2026-06-11
CVE-2026-45177 [CRITICAL] CWE-284 Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components.
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.