CVE-2026-45177

UNKNOWN 0.0

Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20

CWE	CWE-284
Vendor	cyberark software, a palo alto networks company
Product	conjur cloud (edge finding only)
Published	Jun 11, 2026
Last Updated	Jun 11, 2026

Stay Ahead of the Next One

Get instant alerts for cyberark software, a palo alto networks company conjur cloud (edge finding only)

Be the first to know when new unknown vulnerabilities affecting cyberark software, a palo alto networks company conjur cloud (edge finding only) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CyberArk Software, a Palo Alto Networks Company / Conjur Cloud (Edge Finding only)

1.0 < 1.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.cyberark.com: https://docs.cyberark.com/secrets-manager-saas/latest/en/content/conjurcloud/whatsnew.htm#May132026

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue