
Idira Identity Browser Extension CVE-2026-45173

EUVD-2026-36363 HIGH
Origin Validation Error (CWE-346)
2026-06-11 palo_alto GHSA-mmjg-x39c-438q
8.4
CVSS 4.0 · Vendor: palo_alto

Severity by source

Vendor (palo_alto), primary source: 8.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

vuln.today AI: 8.2 HIGH

Remote crafted page (AV:N/AC:L), no attacker auth (PR:N), victim must visit page (UI:R); origin bypass crosses extension trust boundary into identity backend so S:C with high confidentiality and limited integrity impact.

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (palo_alto).

CVSS Vector (Vendor: palo_alto)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Passive (P)
Scope: Not defined (X; CVSS 4.0 has no Scope metric)

Lifecycle Timeline

Patch available: Jun 12, 2026 - 02:01 (EUVD)
Analysis generated: Jun 11, 2026 - 22:30 (vuln.today)
CVE published: Jun 11, 2026 - 21:33 (cve.org)

Description (source: CVE.org)

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session.

CyberArk Security Bulletin: CA26-21

Analysis (AI-generated)

Origin validation failure in CyberArk's Idira Identity Browser Extension for Chrome, Firefox, and Edge (versions prior to 26.8.1) allows a remote attacker to abuse an authenticated user's browser session by luring them to a malicious page. Per CyberArk bulletin CA26-21, the extension's internal web-page verification routine fails to correctly enforce origin checks (CWE-346), enabling unauthorized application interaction in the victim's identity context. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify CyberArk Identity users via OSINT/LinkedIn
Delivery: Send phishing or watering-hole link
Exploit: Victim loads crafted page while SSO-authenticated
Execution: Page sends spoofed-origin message to extension
Persist: Extension fails origin check and acts on it
Impact: Attacker pivots into identity applications as the victim

Vulnerability Assessment (AI-generated)

Exploitation: The victim must have the Idira Identity Browser Extension installed in Chrome, Firefox, or Edge at a build below 26.8.1 AND must be in an active authenticated session with their CyberArk Identity tenant at the time of the attack. …

Risk Assessment: Signals point to a real, prioritized issue but not an immediate emergency. …

Exploit Scenario: An attacker hosts a crafted page (or injects content into a watering-hole site) that issues postMessage or DOM events designed to bypass the extension's origin check. A workforce user already signed into the CyberArk Identity tenant visits the page during normal browsing; the extension processes the attacker-controlled message as if it came from the legitimate Identity origin, giving the attacker the ability to trigger unauthorized identity-application interactions or read sensitive parameters from the authenticated session. …

Remediation: Vendor-released patch: upgrade the Idira Identity Browser Extension to version 26.8.1 or later in Chrome, Firefox, and Edge; refer to CyberArk Security Bulletin CA26-21 (accessible via https://docs.cyberark.com/find-identity-administration-docs/latest/en/content/getstarted/identity-new-doc-location.htm) for the per-browser store links. …
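An added example (not from the advisory, CyberArk, or the extension's own code) of the origin check the scenario above hinges on: a substring test that a lookalike origin satisfies, beside the strict allowlist comparison a content script should apply to every postMessage before acting on it. The trusted origin https://identity.example.com, the message type and the sample events are assumptions.

```javascript
// Trusted identity origin: an assumption for this example, not the real tenant.
const TRUSTED_ORIGINS = new Set(["https://identity.example.com"]);

// Weak check (the CWE-346 pattern): a substring test on the origin string,
// which any origin that merely embeds the trusted host name will pass.
function weakOriginCheck(origin) {
  return origin.includes("identity.example.com");
}

// Strict check: parse the origin so scheme, host and port are compared as a
// whole, reject non-HTTPS, then require an exact allowlist hit.
function isTrustedOrigin(origin) {
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (_err) {
    return false;            // "null" (opaque/sandboxed origin) or garbage
  }
  if (parsed.protocol !== "https:") return false;
  return TRUSTED_ORIGINS.has(parsed.origin);
}

// Handler in the shape a content script would register with
// window.addEventListener("message", handleIdentityMessage). It returns the
// action taken so the decision can be inspected without a browser.
function handleIdentityMessage(event) {
  if (!isTrustedOrigin(event.origin)) {
    return { action: "dropped", reason: `untrusted origin ${event.origin}` };
  }
  if (!event.data || event.data.type !== "idira/session-request") {
    return { action: "dropped", reason: "unexpected message type" };
  }
  return { action: "accepted", request: event.data.request };
}

// Constructed sample events standing in for window MessageEvents.
const REQ = { type: "idira/session-request", request: "list-apps" };
const SAMPLE_EVENTS = [
  { origin: "https://identity.example.com", data: REQ },           // legitimate
  { origin: "https://identity.example.com.evil.invalid", data: REQ }, // lookalike
  { origin: "http://identity.example.com", data: REQ },            // downgraded scheme
  { origin: "null", data: REQ },                                   // opaque origin
];

for (const ev of SAMPLE_EVENTS) {
  console.log(ev.origin, "weak:", weakOriginCheck(ev.origin),
              "strict:", handleIdentityMessage(ev).action);
}
```

The lookalike and plain-HTTP origins pass the substring test but are dropped by the strict handler, which is the distinction a fixed verification routine must make.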

Recommended Action (AI-generated)

Within 24 hours: Alert all Idira extension users of the vulnerability; document current deployment scope and user count. …




CVE-2026-45173 vulnerability details – vuln.today
