Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-45178
PUBLISHED
More InfoOfficial Page
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
View Known Exploited Vulnerability (KEV) details
Published At-11 Jun, 2026 | 18:19
Updated At-11 Jun, 2026 | 19:04
Rejected At-
▼CVE Numbering Authority (CNA)
Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial of service (DoS). CyberArk Security Bulletin: CA26-20

Affected Products
Vendor
CyberArk Software, a Palo Alto Networks Company
Product
Conjur Enterprise
Platforms
  • Idira Secrets Manager
Default Status
unaffected
Versions
Affected
  • From 13.0 before 13.8.1 (custom)
    • -> unaffectedfrom13.8.1
Vendor
CyberArk Software, a Palo Alto Networks Company
Product
Conjur Enterprise
Platforms
  • Central Credential Provider (CCP)
Default Status
unaffected
Versions
Affected
  • From 14.0 before 14.2.6 (custom)
    • -> unaffectedfrom14.2.6
Vendor
CyberArk Software, a Palo Alto Networks Company
Product
Conjur Enterprise
Platforms
  • z/OS Credential Provider
Default Status
unaffected
Versions
Affected
  • From 14.0 before 14.2.6 (custom)
    • -> unaffectedfrom14.2.6
Vendor
CyberArk Software, a Palo Alto Networks Company
Product
Conjur Enterprise
Platforms
  • Credential Provider (CP)
Default Status
unaffected
Versions
Affected
  • From 14.0 before 14.2.6 (custom)
    • -> unaffectedfrom14.2.6
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
4.08.4HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/U:Amber
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-130CAPEC-130 Excessive Allocation
CAPEC ID: CAPEC-130
Description: CAPEC-130 Excessive Allocation
Solutions

VERSION MINOR VERSION SUGGESTED SOLUTION Conjur Enterprise on Idira Secrets Manager 13.0 through 13.8.0 Upgrade to 13.8.1 or later. Conjur Enterprise on Central Credential Provider (CCP) 14.0 through 14.2.5 Upgrade to 14.2.6 or later. Conjur Enterprise on z/OS Credential Provider 14.0 through 14.2.5 Upgrade to 14.2.6 or later. Conjur Enterprise on Credential Provider (CP) 14.0 through 14.2.5 Upgrade to 14.2.6 or later.

Configurations
Workarounds
Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
finder
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
Timeline
EventDate
Initial publication.2026-06-11 17:10:00
Event: Initial publication.
Date: 2026-06-11 17:10:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm?tocpath=Get%20started%7CRelease%20Notes%7C_____3
vendor-advisory
https://docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm?tocpath=Get%20Started%7CRelease%20notes%7C_____1
vendor-advisory
Hyperlink: https://docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm?tocpath=Get%20started%7CRelease%20Notes%7C_____3
Resource:
vendor-advisory
Hyperlink: https://docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm?tocpath=Get%20Started%7CRelease%20notes%7C_____1
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found