CVE-2026-45178

Summary

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20

Affected Software

VendorProductVersion RangeStatus
CyberArk Software, a Palo Alto Networks CompanyConjur Enterprise13.0 < 13.8.1affected
CyberArk Software, a Palo Alto Networks CompanyConjur Enterprise14.0 < 14.2.6affected
CyberArk Software, a Palo Alto Networks CompanyConjur Enterprise14.0 < 14.2.6affected
CyberArk Software, a Palo Alto Networks CompanyConjur Enterprise14.0 < 14.2.6affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References