CVE-2026-5712— IdentityIQ Role Editor Incorrect Authorization Vulnerability
Possible ATT&CK Techniques 1AI
T1078.003 · Local AccountsAffected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SailPoint Technologies | IdentityIQ | 8.5< 8.5p2 | affected |
8.4< 8.4p4 | affected | ||
8.3< 8.3p5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5712
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IdentityIQ Role Editor Incorrect Authorization Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
SailPoint IdentityIQ 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SailPoint IdentityIQ是SailPoint公司的一款安全软件。提供信用监控、身份保险和防病毒。 SailPoint IdentityIQ存在安全漏洞,该漏洞源于允许作为工作项请求者或分配人的已认证身份编辑角色定义,而无需具备允许角色编辑的分配能力。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SailPoint Technologies | IdentityIQ | 8.5 ~ 8.5p2 | - |
II. Public POCs for CVE-2026-5712
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5712
请登录查看更多情报信息。
Advisory · 1
IV. Related Vulnerabilities
Same product: IdentityIQ
- CVE-2026-4857
SailPoint IdentityIQ Debug UI Incorrect Authorization - CVE-2025-10280
Incorrect Content Type Cross-Site Scripting Vulnerability - CVE-2024-10905
IdentityIQ Improper Access Control VulnerabilityIdentityIQ I - CVE-2024-2228
IdentityIQ Authorization of QuickLink Target Identities Vuln - CVE-2024-2227
IdentityIQ JavaServer Faces File Path Traversal Vulnerabilit
Same weakness: CWE-863
- CVE-2026-21789
HCL Connections is vulnerable to broken access control - CVE-2026-28732
Slash command trigger-word update allowed command hijacking - CVE-2026-6343
Mattermost Playbooks Plugin fails to enforce view permission - CVE-2026-4286
Playbooks Plugin fails to validate team transfers, allowing - CVE-2026-6341
Incomplete group locking implementation
V. Comments for CVE-2026-5712
No comments yet