CVE-2026-5712 HIGH

CVE-2026-5712: IdentityIQ Role Editor Incorrect Authorization Vulnerability

Vendor Sailpoint Technologies

Product IdentityIQ

Weakness CWE-863 · Incorrect authorization

Published April 29, 2026

Last update April 30, 2026

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Key dates

02Disclosure timeline

April 29, 2026 CVE published

April 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-5712

Related vulnerabilities

Identifiers

CVE CVE-2026-5712

CWE CWE-863

CVSS 8.0 / HIGH

Affected versions

Vendor Sailpoint Technologies

Product IdentityIQ

Affected ≥ 8.5 and < 8.5p2

Vendor Sailpoint Technologies

Product IdentityIQ

Affected ≥ 8.4 and < 8.4p4

Vendor Sailpoint Technologies

Product IdentityIQ

Affected ≥ 8.3 and < 8.3p5

CVE-2026-5712: IdentityIQ Role Editor Incorrect Authorization Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE