CVE-2026-4857 — Incorrect Authorization in Technologies IdentityIQ
Severity
8.4 HIGH (NVD)
EPSS
0.0%
top 90.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 15
Latest update: Apr 16
Description
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new IdentityIQ objects. Until a remediating security fix or patches containing this security fix are installed, the Debug Pages Read Only capability and any custom capabilities that contain the ViewAccessDebugPage…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 | Impact: 6.0