Secrets Manager, Self-Hosted
by Cyber Ark
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49831 | Cri | 0.57 | 9.8 | 0.01 | Jul 15, 2025 | An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few… | ||
| CVE-2026-45178 | Hig | 0.55 | — | 0.00 | Jun 11, 2026 | Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets… |
- risk 0.57cvss 9.8epss 0.01
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few…
- risk 0.55cvss —epss 0.00
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets…