Vendor scorecard
SailPoint
SailPoint security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: sailpoint
Product families
1
Open in latest
9
Inferred — see methodology
Last disclosure
Apr 29, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| IdentityIQ (IGA)Identity & Access Managementidentityiq | 2 | 9 | 8.3MED |
02
Recent CVEs
2 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-5712(opens NVD record) | High | 8.0 | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing. | Apr 29, 2026 |
| CVE-2025-10280(opens NVD record) | High | 7.1 | IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS). | Nov 3, 2025 |
2 CVEs · 1 product families