CVE-2026-45177: Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to manipulate internal validation mechanisms, potentially leading to a bypass of identity verification and the unauthorized acquisition of an access token. CyberArk Security Bulletin: CA26-20
Metrics
- CVSS v4.0: 9.1
- Severity: CRITICAL
- Fixed in: 1.8
- Affected Products: 1
HarborGuard Analysis
Synopsis
An authentication bypass vulnerability affects Idira Secrets Manager SaaS Edge versions prior to 1.8. The flaw is reachable over the network without any credentials, and under specific conditions an attacker can manipulate internal validation logic to skip identity verification entirely and obtain a valid access token. Successful exploitation gives the attacker unauthorized access to secrets the token controls. A patched-image rebuild at version 1.8 is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection of CVE-2026-45177 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that embed affected versions of Idira Secrets Manager SaaS Edge. Any image running a version from 1.0 up to, but not including, 1.8 is flagged automatically.
HarborGuard surfaces this CVE with its CVSS v4.0 score of 9.1 (Critical) and applies per-environment compliance policy weighting to prioritize routing. Findings are directed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
A patched-image rebuild pinned to version 1.8 becomes available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required. The vulnerable service must be reachable over the network; an attacker sends a specially crafted request from a remote location without needing prior access to the host.
- Authentication: Not required. No credentials or prior account are needed; the bypass itself is the mechanism that produces an authenticated token.
- Victim interaction: Not required. The attack is fully server-side and requires no action from any user or administrator.
- Attack complexity: Detail. Base exploit conditions are low-complexity, though a successful bypass depends on specific internal state circumstances (AT:P, Attack Requirements: Present, in the CVSS v4.0 vector), meaning it is not guaranteed to succeed on every request.
Blast Radius
- An attacker who obtains the forged access token can read secrets stored in the Idira Secrets Manager Edge instance, including API keys, certificates, and credentials held in the affected vault.
- An attacker can write or overwrite secret values visible to that token, allowing poisoning of credentials consumed by downstream services.
- Integrity of any workload that trusts secrets retrieved through the compromised token is undermined without requiring any additional authentication step.
How HarborGuard Handles This
Available on HarborGuard: detection fires within minutes of ingestion for any image embedding Idira Secrets Manager SaaS Edge below version 1.8. Given the Critical (9.1) severity and the zero-authentication network attack surface, this CVE is prioritized at the top of the triage queue under standard HarborGuard policy weighting. A rebuild targeting the fixed version 1.8 is ready for affected environments. For customers who opt into auto-remediation, HarborGuard triggers the rebuild, executes regression tests, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where auto-remediation is not enabled, the finding appears in the dashboard with a one-click rebuild action. Until a rebuild is deployed, compensating controls include restricting network ingress to the Edge endpoint via Kubernetes NetworkPolicy or equivalent firewall rules and auditing recent access-token issuance logs for anomalous patterns.
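The token-issuance audit named above as a compensating control, as an added example that is not part of this advisory or of HarborGuard's tooling: it reads a constructed, hypothetical JSON-lines audit log (the `event`, `request_id`, `principal`, `result` and `src` fields are assumptions, not the product's real audit format) and flags any access token issued without a preceding successful identity verification for the same request, which is the trace an identity-verification bypass would leave behind.

```python
"""Flag access tokens issued without a preceding successful identity
verification. The log shape below is a constructed, hypothetical
JSON-lines format, not the product's real audit format."""
from __future__ import annotations
import json
from dataclasses import dataclass

# Constructed sample: r1 and r4 are normal flows, r2 was issued after a
# failed verification, r3 was issued with no verification event at all.
SAMPLE_LOG = """
{"ts": "2026-05-02T10:00:01Z", "event": "authn.verify", "request_id": "r1", "principal": "host/app-a", "result": "ok", "src": "10.0.1.5"}
{"ts": "2026-05-02T10:00:02Z", "event": "token.issue", "request_id": "r1", "principal": "host/app-a", "src": "10.0.1.5"}
{"ts": "2026-05-02T10:00:05Z", "event": "authn.verify", "request_id": "r2", "principal": "host/app-b", "result": "fail", "src": "10.0.1.6"}
{"ts": "2026-05-02T10:00:06Z", "event": "token.issue", "request_id": "r2", "principal": "host/app-b", "src": "10.0.1.6"}
{"ts": "2026-05-02T10:00:09Z", "event": "token.issue", "request_id": "r3", "principal": "host/admin", "src": "203.0.113.9"}
{"ts": "2026-05-02T10:00:12Z", "event": "authn.verify", "request_id": "r4", "principal": "host/app-c", "result": "ok", "src": "10.0.1.7"}
{"ts": "2026-05-02T10:00:13Z", "event": "token.issue", "request_id": "r4", "principal": "host/app-c", "src": "10.0.1.7"}
"""

@dataclass
class Finding:
    request_id: str
    principal: str
    src: str
    reason: str

def audit_token_issuance(log_text: str) -> list[Finding]:
    """Return one Finding per token.issue event whose request_id has no
    prior authn.verify with result "ok" (missing or failed verification)."""
    verified: dict[str, str] = {}  # request_id -> last verification result
    findings: list[Finding] = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["event"] == "authn.verify":
            verified[rec["request_id"]] = rec["result"]
        elif rec["event"] == "token.issue":
            result = verified.get(rec["request_id"])
            if result == "ok":
                continue  # normal flow: verification preceded issuance
            reason = "no verification event" if result is None else f"verification result={result}"
            findings.append(Finding(rec["request_id"], rec["principal"], rec["src"], reason))
    return findings

if __name__ == "__main__":
    for f in audit_token_issuance(SAMPLE_LOG):
        print(f"SUSPECT token for {f.principal} from {f.src} (request {f.request_id}): {f.reason}")
```

Run it against an export of the Edge instance's token-issuance and verification events mapped onto these fields; every finding is a token whose issuance the verification logs cannot account for.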
Fix available
- CyberArk Software, a Palo Alto Networks Company / Conjur Cloud (Edge Finding only): < 1.8 (from 1.0)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Amber