CVE-2026-45178
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CWE: CWE-284
Description
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-45178
- [Other] https://docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm?tocpath=Get%20Started%7CRelease%20notes%7C_____1
- [Other] https://docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm?tocpath=Get%20started%7CRelease%20Notes%7C_____3
Related CVEs
Same CWE
- CVE-2026-48610 — Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
- CVE-2026-47366 — Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
- CVE-2026-44249 — Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
- CVE-2026-45177 — Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)