Last updated: May 13, 2026 at 5:42 AM UTC
Tag: identity (2 articles)

Identity governance vendor SailPoint discloses GitHub repository breach - third-party app flaw to blame

SailPoint, the identity governance vendor used by many large enterprises, disclosed in a SEC 8-K filing that attackers gained unauthorized access to a subset of its GitHub repositories on April 20. The company's incident response team contained the intrusion the same day. SailPoint says no customer data in production or staging was accessed and its services were not interrupted. The root cause was a vulnerability in a third-party application, which has been remediated. SailPoint notified affected customers directly and says no further customer action is needed. The company has not disclosed what data was actually in the impacted repos.

Check
If you use SailPoint (IdentityNow, IdentityIQ, or related products), check whether you received a direct notification dated after April 20, 2026, and review the scope details in your account portal.
Affected
SailPoint customers who received a direct breach notification dated on or after April 20, 2026. The company has not publicly disclosed which products, repositories, or customer subsets were specifically named in the notifications. No customer data in production or staging environments was accessed per SailPoint's SEC filing.
Fix
Follow guidance in your direct SailPoint notification. As a precaution, rotate any API tokens or service-account credentials issued for SailPoint integration over the past 12 months. Review SailPoint integration audit logs for unexpected activity from April onward. Ask SailPoint for the name of the third-party application whose flaw caused the intrusion - your organization may use it elsewhere.

Cisco Webex SSO flaw lets unauthenticated attackers impersonate any user (CVE-2026-20184) - four critical bugs patched this week

Cisco has patched four critical vulnerabilities this week across Webex and Identity Services Engine (ISE). The standout flaw is CVE-2026-20184 in Cisco Webex Services with SSO integration via Control Hub - it allows an unauthenticated remote attacker to impersonate any user in the service due to incorrect certificate validation in the SSO flow. This is particularly dangerous for organizations using Webex with SAML and centralized identity management. Alongside it: CVE-2026-20180 and CVE-2026-20186 (both CVSS 9.9) affect Cisco ISE and ISE Passive Identity Connector, allowing authenticated attackers with even read-only admin credentials to execute arbitrary commands on the underlying OS and escalate to root. CVE-2026-20147 is a path traversal flaw in the same products. ISE versions before 3.2 and the 3.2, 3.3, 3.4, and 3.5 branches are all affected. There are no workarounds - only software updates fix these. In single-node ISE deployments, exploitation can also knock the node offline, blocking network access for unauthenticated endpoints.

Check
If you use Cisco Webex with SSO via Control Hub, treat CVE-2026-20184 as urgent - it's unauthenticated. If you run Cisco ISE for network access control, plan to patch this week.
Affected
Cisco Webex Services configured with SSO integration via Control Hub (CVE-2026-20184, unauthenticated impersonation). Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) versions prior to 3.2, plus the 3.2, 3.3, 3.4, and 3.5 branches (CVE-2026-20180, CVE-2026-20186, CVE-2026-20147).
Fix
Apply Cisco's software updates from the April 15 advisories. For ISE, upgrade to the fixed release matching your branch - there are no workarounds. For Webex with SSO, the fix is included in Cisco's latest Control Hub release. If patching is delayed, restrict admin access to ISE management interfaces to trusted IPs only via network-level ACLs - this doesn't fix CVE-2026-20184 but reduces the risk of chains that lead from ISE credential theft to RCE. Review Cisco admin account hygiene: read-only credentials are enough to chain to root on unpatched ISE.