CVE-2026-45178
Received Received - Intake
Improper Access Control in Idira Secrets Manager Self-Hosted

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Palo Alto Networks, Inc.

Description
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-45178
EUVD
EUVD-2026-36296
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
cyberark secrets_manager self_hosted
cyberark credential_providers 14.2.6
cyberark credential_providers 12.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
AI Quick Actions have not been generated yet.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45178. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart