What is CVE-2026-4857?

CVE-2026-4857 is a high-severity vulnerability in Sailpoint Technologies Identityiq, classified under Incorrect Authorization. CVSS score: 8.4/10. Published 2026-04-15.

How severe is CVE-2026-4857?

High severity. CVSS v3 base score is 8.4 out of 10.

Auth bypass in Sailpoint Technologies Identityiq

CVE-2026-4857

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the Vi…

Vulnerability class: Broken Access Control

EPSS: 0.000 (2.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Sailpoint Technologies Identityiq — versions 8.5, 8.4

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

www.sailpoint.com/security-advisories/sailpoint-identityiq-debug-ui-incorrect-a…

Frequently asked questions

What is CVE-2026-4857?: CVE-2026-4857 is a high-severity vulnerability in Sailpoint Technologies Identityiq, classified under Incorrect Authorization. CVSS score: 8.4/10. Published 2026-04-15.
How severe is CVE-2026-4857?: High severity. CVSS v3 base score is 8.4 out of 10.