IdentityIQ CVE-2026-5712: Authenticated Users Can Edit Roles
The National Vulnerability Database has disclosed CVE-2026-5712, a high-severity vulnerability impacting all versions of IdentityIQ. This flaw, rated 8.0 on the CVSS scale, allows an authenticated user who is either a requestor or assignee of a work item to modify role definitions. Critically, this can be achieved even without the necessary assigned capabilities for role editing.
This is a bypass of authorization controls (CWE-863) with significant implications for access governance. An attacker with low-level authenticated access could elevate privileges or manipulate critical role configurations within IdentityIQ, breaking segregation of duties and granting themselves or others broader access than intended. The attack complexity is rated high, so specific conditions or user interaction may be required, but the impact on confidentiality, integrity, and availability is severe.
CISOs need to understand that this isn’t an unauthenticated RCE, but an internal authorization bypass. The attacker’s calculus here is privilege escalation and lateral movement. They’re already inside, and this vulnerability gives them a path to manipulate the very system designed to manage access. Defenders must prioritize patching IdentityIQ and reviewing audit logs for any unauthorized role definition changes.
What This Means For You
- If your organization uses IdentityIQ, you are exposed. This vulnerability allows an authenticated user to edit role definitions without proper authorization. Immediately check for patches from the vendor and review your IdentityIQ audit logs for any unauthorized role modifications, especially those made by users who typically lack role editing capabilities.
🛡️ Detection Rules
IdentityIQ Authenticated Role Definition Edit - CVE-2026-5712

```yaml
title: IdentityIQ Authenticated Role Definition Edit - CVE-2026-5712
id: scw-2026-04-29-ai-1
status: experimental
level: high
description: |
  Detects an authenticated user attempting to edit a role definition in IdentityIQ.
  This rule specifically targets the '/identityiq/roles/edit' endpoint with a POST
  method and a 'roleId=' parameter in the query string, which is indicative of
  exploiting CVE-2026-5712. This allows users without explicit role editing
  capabilities to modify role definitions.
author: SCW Feed Engine (AI-generated)
date: 2026-04-29
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-5712/
tags:
  - attack.privilege_escalation
  - attack.t1078.004
logsource:
  category: webserver
detection:
  # The role-edit endpoint itself
  selection_base:
    cs-uri|contains:
      - '/identityiq/roles/edit'
  # A successful POST carrying a roleId parameter, i.e. an actual edit rather than a page view
  selection_indicators:
    cs-method:
      - 'POST'
    sc-status:
      - '200'
    cs-uri-query|contains:
      - 'roleId='
  condition: selection_base and selection_indicators
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
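To show how the rule above translates into a log review, here is an added example (not part of the original post or of any vendor tooling) that applies the same selection logic to constructed W3C-style web server log lines and then keeps only hits from accounts outside a hypothetical allow-list of role administrators, which is the "users who typically lack role editing capabilities" filter the advice above asks for. The log format, the sample lines and the `ROLE_ADMINS` set are assumptions; the endpoint, method, status and `roleId=` values come from the rule.

```python
from urllib.parse import parse_qs

# Constructed sample log. Fields per line (space separated):
# date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2026-04-29 21:20:01 10.0.0.5 jdoe POST /identityiq/roles/edit roleId=Role-Finance-Approver 200
2026-04-29 21:20:07 10.0.0.6 admin1 POST /identityiq/roles/edit roleId=Role-HR-Manager 200
2026-04-29 21:21:14 10.0.0.5 jdoe GET /identityiq/roles/edit roleId=Role-Finance-Approver 200
2026-04-29 21:22:30 10.0.0.9 asmith POST /identityiq/roles/edit roleId=Role-IT-Admin 403
2026-04-29 21:23:02 10.0.0.7 bjones POST /identityiq/workitems/approve itemId=42 200
"""

# Hypothetical allow-list: accounts expected to hold the role-editing capability.
ROLE_ADMINS = {"admin1"}

def parse_line(line):
    """Split one constructed log line into the field names the Sigma rule uses."""
    date, time, c_ip, user, method, uri_stem, uri_query, status = line.split()
    return {"time": f"{date} {time}", "c-ip": c_ip, "user": user,
            "cs-method": method, "cs-uri": uri_stem,
            "cs-uri-query": uri_query, "sc-status": status}

def matches_rule(ev):
    """Mirror of 'selection_base and selection_indicators' from the rule above."""
    base = "/identityiq/roles/edit" in ev["cs-uri"]
    indicators = (ev["cs-method"] == "POST" and ev["sc-status"] == "200"
                  and "roleId=" in ev["cs-uri-query"])
    return base and indicators

def find_suspect_edits(log_text, role_admins=ROLE_ADMINS):
    """Return (user, roleId, time) for rule hits made by accounts outside the allow-list."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if matches_rule(ev) and ev["user"] not in role_admins:
            role_id = parse_qs(ev["cs-uri-query"]).get("roleId", [""])[0]
            hits.append((ev["user"], role_id, ev["time"]))
    return hits

if __name__ == "__main__":
    for user, role_id, when in find_suspect_edits(SAMPLE_LOG):
        print(f"{when}: {user} modified role {role_id} without the role-edit capability")
```

On the sample data only the first line survives: the admin edit is allow-listed, the GET is a page view, the 403 never succeeded, and the work item approval is a different endpoint.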
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-5712 | Privilege Escalation | IdentityIQ all versions |
| CVE-2026-5712 | Auth Bypass | Authenticated identity (requestor or assignee of a work item) can edit role definition without assigned capability. |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.