CVE-2026-45178
Analyzed - Analysis Complete
Improper Access Control in Idira Secrets Manager Self-Hosted
Publication date: 2026-06-11
Last updated on: 2026-06-22
Assigner: Palo Alto Networks, Inc.
Description
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS).
CyberArk Security Bulletin: CA26-20
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| paloaltonetworks | idira_secrets_manager | From 13.0 (inc) to 13.8.1 (exc) |
| paloaltonetworks | idira_secrets_manager_credential_providers | From 14.0 (inc) to 14.2.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |