High severity8.0NVD Advisory· Published Apr 29, 2026· Updated May 5, 2026

CVE-2026-5712

Description

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Affected products

Sailpoint/Identityiq10 versions
cpe:2.3:a:sailpoint:identityiq:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:sailpoint:identityiq:*:*:*:*:*:*:*:*range: <8.3
- cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.3:patch2:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.3:patch4:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.4:patch1:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.4:patch2:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.5:-:*:*:*:*:*:*
- cpe:2.3:a:sailpoint:identityiq:8.5:patch1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.sailpoint.com/security-advisories/sailpoint-identityiq-role-editor-incorrect-authorization-vulnerability-cve-2026-5712nvdVendor Advisory

News mentions

SailPoint Agentic Fabric expands identity governance to autonomous AI agents
Help Net Security · May 11, 2026

cvss	0.520
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000