CVE-2026-5712

Summary

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Affected Software

VendorProductVersion RangeStatus
SailPoint TechnologiesIdentityIQ8.5 < 8.5p2affected
SailPoint TechnologiesIdentityIQ8.4 < 8.4p4affected
SailPoint TechnologiesIdentityIQ8.3 < 8.3p5affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References