CVE-2026-5712 PUBLISHED

IdentityIQ Role Editor Incorrect Authorization Vulnerability

Assigner: SailPoint
Reserved: 06.04.2026 Published: 29.04.2026 Updated: 30.04.2026

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 8

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SailPoint Technologies
Product	IdentityIQ
Versions	Default: affected affected from 8.5 to 8.5p2 (excl.) affected from 8.4 to 8.4p4 (excl.) affected from 8.3 to 8.3p5 (excl.)

Credits

wildwildwes reporter

References

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-role-editor-incorrect-authorization-vulnerability-cve-2026-5712

Problem Types

CWE-863: Incorrect Authorization CWE