VYPR
High severity · NVD Advisory · Published Jun 11, 2026

CVE-2026-45173

Description

An origin validation flaw in the Idira Identity Browser Extension versions prior to 26.8.1 allows a remote attacker to trigger unauthorized application actions in an authenticated user's session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An origin validation flaw exists in the Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1. The extension's internal web-page verification routines do not properly validate the origin of requests, allowing a specially crafted webpage to bypass security checks. The bug is reachable when an authenticated user visits a malicious page controlled by the attacker. [1]

Exploitation

An attacker must craft a malicious webpage and get the authenticated user to navigate to it. No additional authentication beyond the user's existing session is required. The attacker's page triggers the extension's flawed validation, causing the extension to incorrectly trust the origin, which allows the page to trigger unauthorized application interaction or execution parameters in the context of the user's authenticated session. The sequence involves the user clicking a link or being redirected to the attacker's page, which then sends crafted requests to the extension. [1]

Impact

Successful exploitation allows the attacker to trigger unauthorized application interaction or execution parameters within the authenticated browser session. This could include performing privileged actions on behalf of the user, potentially leading to information disclosure, account takeover, or further compromise of the Idira Identity platform. The impact is limited to the scope of the authenticated session. [1]

Mitigation

The vulnerability is fixed in version 26.8.1 of the Idira Identity Browser Extension. Users should upgrade to the latest version available from the Chrome Web Store, Firefox Add-ons, or Microsoft Edge Add-ons. No workaround is documented. The vendor (CyberArk) has released a security bulletin (CA26-21). [1]

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
