CVE-2026-45176

Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

High

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

Amber

Affected products

CyberArk Software, a Palo Alto Networks Company / Idira Endpoint Privilege Manager26.0 – 26.5

References

MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650
MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650
MISChttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650