CVSS 8.0 · HIGH
CVE-2026-5712
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
Ver en NVDAnálisis
SailPoint IdentityIQ is a widely deployed enterprise identity governance platform. This vulnerability is an authorization bypass that allows users to perform role editing without the required capabilities, which is a core security failure in an IAM product.
Severidad
Puntaje: 8.0(HIGH)
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HAV: NETWORK
AC: HIGH
PR: LOW
UI: REQUIRED
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-863EPSS
Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.3%
EPSS: 2026-05-06
Afecta
sailpoint:identityiqDescripción técnica
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
Publicada: 29/4/2026, 18:16:05
Última modificación: 5/5/2026, 12:48:23