CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

🗓️ 11 Jun 2026 18:19:08Reported by palo_altoType

Idira Self-Hosted secrets manager has improper internal endpoint access enabling authenticated users to access secrets or cause DoS.

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2026-45178	11 Jun 202618:19	–	cve
EUVD	EUVD-2026-36296	11 Jun 202618:19	–	euvd
NVD	CVE-2026-45178	11 Jun 202619:16	–	nvd
Positive Technologies	PT-2026-48704	11 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints	11 Jun 202618:19	–	vulnrichment

[
  {
    "vendor": "CyberArk Software, a Palo Alto Networks Company",
    "product": "Conjur Enterprise",
    "platforms": [
      "Idira Secrets Manager"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "13.0",
        "lessThan": "13.8.1",
        "changes": [
          {
            "at": "13.8.1",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "CyberArk Software, a Palo Alto Networks Company",
    "product": "Conjur Enterprise",
    "platforms": [
      "Central Credential Provider (CCP)"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "14.0",
        "lessThan": "14.2.6",
        "changes": [
          {
            "at": "14.2.6",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "CyberArk Software, a Palo Alto Networks Company",
    "product": "Conjur Enterprise",
    "platforms": [
      "z/OS Credential Provider"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "14.0",
        "lessThan": "14.2.6",
        "changes": [
          {
            "at": "14.2.6",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "CyberArk Software, a Palo Alto Networks Company",
    "product": "Conjur Enterprise",
    "platforms": [
      "Credential Provider (CP)"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "14.0",
        "lessThan": "14.2.6",
        "changes": [
          {
            "at": "14.2.6",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
docs	www.docs.cyberark.com/secrets-manager-sh/13.9/en/content/enterprise/releasenotes/release-notes-13.8.1.htm
docs	www.docs.cyberark.com/credential-providers/latest/en/content/landingpages/cp-wn-rn-14.2.6.htm

11 Jun 2026 18:19Current

CVSS 48.4

CWE-284