CVE Catalog

CVE-2026-45173

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The Idira Identity Browser extension for Chrome, Firefox, and Edge versions prior to 26.8.1 has an origin validation flaw in its internal web-page verification routines. An authenticated user navigating to a specially crafted webpage could allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session.

Risk Assessment

The organization may be exposed to unauthorized actions within the application, potentially leading to data leakage or system integrity breaches. An attacker could exploit this vulnerability to take control of the user's session.

Recommendation

It is recommended to update the Idira Identity Browser extension to version 26.8.1 or later to mitigate this vulnerability. Additionally, monitoring user activity for potential attack attempts is advised.

Original NVD description (English source)

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21

Vulnerability data from NVD (NIST) · CISA KEV · EPSS