CVE-2026-45178 HIGH

CVE-2026-45178: Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Vendor Cyberark Software, A Palo Alto Networks Company
Product Conjur Enterprise
Weakness CWE-284
Published June 11, 2026
Last update June 11, 2026

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/U:Amber

What the vulnerability does

01 Description

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS).

CyberArk Security Bulletin: CA26-20

Key dates

02 Disclosure timeline

June 11, 2026 CVE published
June 11, 2026 Record updated