PatchSiren cyber security CVE debrief
CVE-2026-45178 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45178 is a HIGH severity vulnerability (CVSS 8.4) in Idiria Secrets Manager Self-Hosted versions 13.8.0 and lower. Internal cluster endpoints enforce access control improperly, so a remote, authenticated attacker with standard node-level credentials can potentially retrieve unauthorized secrets or cause a denial of service (DoS).
- Vendor: CyberArk Software, a Palo Alto Networks Company
- Product: Conjur Enterprise
- CVSS: HIGH 8.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of Idiria Secrets Manager Self-Hosted versions 13.8.0 and lower should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by improper access control within internal cluster endpoints in Idiria Secrets Manager Self-Hosted versions 13.8.0 and lower. This allows a remote, authenticated attacker with standard node-level credentials to potentially retrieve unauthorized secrets or cause a denial of service (DoS).
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a version of Idiria Secrets Manager Self-Hosted that is not vulnerable.
- Restrict access to internal cluster endpoints.
- Monitor for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd] respectively.
Official resources
CVE-2026-45178 was published on 2026-06-11T19:16:42.040Z and modified on 2026-06-11T20:56:29.653Z.