CVE Catalog

CVE-2026-45178

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS).

Risk Assessment

The organization may be exposed to the risk of confidential information leakage or DoS attacks, which could lead to significant disruptions in system operations.

Recommendation

It is recommended to upgrade to the latest version of Idira Secrets Manager and implement appropriate access control mechanisms to secure the cluster endpoints.

Original NVD description (English source)

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20

Vulnerability data from NVD (NIST) · CISA KEV · EPSS