Description

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20

PUBLISHED Reserved 2026-05-08 | Published 2026-06-11 | Updated 2026-06-11 | Assigner palo_alto




HIGH: 8.4 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/U:Amber

Problem types

CWE-284: Improper Access Control

Product status

Default status
unaffected

13.0 (custom) before 13.8.1
affected

Default status
unaffected

14.0 (custom) before 14.2.6
affected

Default status
unaffected

14.0 (custom) before 14.2.6
affected

Default status
unaffected

14.0 (custom) before 14.2.6
affected

Timeline

2026-06-11: Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue. (finder)

References

docs.cyberark.com/...et%20started%7CRelease%20Notes%7C_____3 vendor-advisory

docs.cyberark.com/...et%20Started%7CRelease%20notes%7C_____1 vendor-advisory

cve.org (CVE-2026-45178)

nvd.nist.gov (CVE-2026-45178)