CVE-2026-45178
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS).
Risk Assessment
The organization may be exposed to the risk of confidential information leakage or DoS attacks, which could lead to significant disruptions in system operations.
Recommendation
It is recommended to upgrade to the latest version of Idira Secrets Manager and implement appropriate access control mechanisms to secure the cluster endpoints.
Original NVD description (English source)
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20

