CVE-2026-5712
Analyzed Analyzed - Analysis Complete
Role Definition Editing in IdentityIQ

Publication date: 2026-04-29

Last updated on: 2026-05-05

Assigner: SailPoint Technologies

Description
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5712
EUVD
EUVD-2026-26260
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
sailpoint identityiq 8.3
sailpoint identityiq 8.3
sailpoint identityiq 8.4
sailpoint identityiq 8.3
sailpoint identityiq 8.3
sailpoint identityiq 8.4
sailpoint identityiq to 8.3 (exc)
sailpoint identityiq 8.4
sailpoint identityiq 8.5
sailpoint identityiq 8.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects all versions of IdentityIQ and allows an authenticated user who is either the requestor or assignee of a work item to edit the definition of a role. This can be done without having the necessary assigned capability that normally permits role editing.

Impact Analysis

The vulnerability can lead to unauthorized modification of role definitions by users who should not have such permissions. This can result in privilege escalation, unauthorized access, and potentially compromise the confidentiality, integrity, and availability of systems and data.

Compliance Impact

The vulnerability allows unauthorized editing of role definitions by authenticated users without the required capabilities, which can lead to unauthorized access and privilege escalation.

Such unauthorized role modifications can undermine access controls and segregation of duties, potentially resulting in non-compliance with common standards and regulations like GDPR and HIPAA that require strict access management and protection of sensitive data.

Executive Summary

CVE-2026-5712 is an Incorrect Authorization Vulnerability in SailPoint IdentityIQ Role Editor. It allows an authenticated user who is either the requestor or assignee of a work item to edit the definition of a role without having the necessary capability or permission to do so.

This means that users can modify role definitions even if they are not authorized to perform role editing, potentially bypassing security controls.

Impact Analysis

This vulnerability can lead to unauthorized modifications of role definitions within the IdentityIQ system.

  • Users without proper role editing capabilities can change roles, potentially granting excessive or inappropriate access.
  • Such unauthorized changes can compromise the security of the system by allowing privilege escalation or access to sensitive resources.
  • The vulnerability has a high severity score (CVSS 8.0), indicating significant risk to confidentiality, integrity, and availability.
Mitigation Strategies

To mitigate CVE-2026-5712, you should apply the patches released by SailPoint that address this incorrect authorization vulnerability.

  • Install patch IIQSR-972 for your specific IdentityIQ version.
  • Ensure your IdentityIQ version is updated to at least 8.5p2, 8.4p4, or 8.3p5, depending on your current version.

These patches fix the issue allowing authenticated users who are requestors or assignees of a work item to edit role definitions without proper authorization.

Mitigation Strategies

To mitigate CVE-2026-5712, you should apply the patches released by SailPoint that address this incorrect authorization vulnerability.

  • Install patch IIQSR-972 for your specific version of IdentityIQ.
  • Ensure your IdentityIQ version is updated to at least 8.5p2, 8.4p4, or 8.3p5 depending on your current version.

These patches fix the issue that allows authenticated users who are requestors or assignees of a work item to edit role definitions without the required capability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5712. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart