CVE-2026-5712

Published: Apr 29, 2026Modified: May 5, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Affected (10)

Products: Sailpoint: Identityiq

Sailpoint

1 product

Identityiq

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Sailpoint Identityiq	Before 8.3
Sailpoint Identityiq	Version 8.3
Sailpoint Identityiq	Version 8.3 patch1
Sailpoint Identityiq	Version 8.3 patch2
Sailpoint Identityiq	Version 8.3 patch4
Sailpoint Identityiq	Version 8.4
Sailpoint Identityiq	Version 8.4 patch1
Sailpoint Identityiq	Version 8.4 patch2
Sailpoint Identityiq	Version 8.5
Sailpoint Identityiq	Version 8.5 patch1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-role-editor-incorrect-authorization-vulnerability-cve-2026-5712

Source: psirt@sailpoint.com

Vendor Advisory

Timeline

No history available yet.