8.4
CVE-2026-45173
- EPSS 0.16%
- Veröffentlicht 11.06.2026 22:16:57
- Zuletzt bearbeitet 22.06.2026 18:34:58
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Idira Identity Browser Extension SwPlatform- Version >= 26.0.0 < 26.8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.056 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| psirt@paloaltonetworks.com | 8.4 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
|
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
https://docs.cyberark.com/find-identity-administration-docs/latest/en/content/getstarted/identity-new-doc-location.htm