CVE-2026-45177
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request, potentially leading to a bypass of identity verification.
Risk Assessment
An attacker could gain unauthorized access to access tokens, posing a serious threat to the organization's data security.
Recommendation
It is recommended to upgrade to version 1.8 or later to mitigate this vulnerability and implement additional security measures to protect against unauthorized access.
Original NVD description (English source)
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20

