CVE-2026-5712 Vulnerability Analysis & Exploit Details

CVE-2026-5712 Vulnerability Summary

CVE-2026-5712: This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

CVE-2026-5712 References

External References

• https://www.sailpoint.com/security-advisories/sailpoint-identityiq-role-editor-incorrect-authorization-vulnerability-cve-2026-5712

CWE Common Weakness Enumeration

Vulnerable Configurations

• cpe:2.3:a:sailpoint:identityiq:7.1:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch3:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch3:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch6:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch6:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.1:patch7:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.1:patch7:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:patch3:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:patch3:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.2:patch6:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.2:patch6:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch3:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch3:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch6:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch6:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:7.3:patch7:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:7.3:patch7:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch3:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.0:patch6:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.0:patch6:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch3:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch6:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.1:patch7:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.1:patch7:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch5:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch5:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch7:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch7:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.2:patch8:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.2:patch8:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.3:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.3:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.3:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.3:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.3:patch4:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.3:patch4:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.4:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.4:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.4:patch1:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.4:patch2:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.4:patch2:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.5:-:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.5:-:*:*:*:*:*:*
• cpe:2.3:a:sailpoint:identityiq:8.5:patch1:*:*:*:*:*:*
  cpe:2.3:a:sailpoint:identityiq:8.5:patch1:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2026-8367 – aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private...
• CVE-2026-6282 – A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authen...
• CVE-2026-6281 – A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local netw...
• CVE-2026-45740 – protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit w...
• CVE-2026-45033 – GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identifie...