CVE-2026-45175

Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Amber

Affected products

CyberArk Software, a Palo Alto Networks Company / Idira Endpoint Privilege Manager26.0 – 26.5

References

MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650
MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650
MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650control