CVE 8.9 HIGH

Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation_CVE-2026-45176

June 11, 2026 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber

Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

AI Analysis

Local Privilege Escalation via Internal Communication or File Operation Manipulation

Basic Information

ID CVE-2026-45176

Source palo_alto

Published Jun 11, 2026 at 18:49

Affected Product

Vendor CyberArk Software, a Palo Alto Networks Company

Product Idira Endpoint Privilege Manager

Version 26.0

Affected Versions CyberArk Software, a Palo Alto Networks Company Idira Endpoint Privilege Manager 26.0

CWE Classification

CWE-269

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor CyberArk Software, a Palo Alto Networks Company

Product Idira Endpoint Privilege Manager

Version 26.0

References

{
    "lastseen": "",
    "description": "Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19",
    "published": "2026-06-11T18:49:00.712Z",
    "modified": "2026-06-11T18:49:00.712Z",
    "type": "cve",
    "title": "Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation",
    "source": "palo_alto",
    "references": "https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650\nhttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650\nhttps://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650",
    "id": "CVE-2026-45176",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "CyberArk Software, a Palo Alto Networks Company Idira Endpoint Privilege Manager 26.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Idira Endpoint Privilege Manager",
    "version": "26.0",
    "vendor": "CyberArk Software, a Palo Alto Networks Company",
    "ai_description": "Local Privilege Escalation via Internal Communication or File Operation Manipulation",
    "ai_severity": "High",
    "ai_vendor": "CyberArk Software, a Palo Alto Networks Company",
    "ai_product": "Idira Endpoint Privilege Manager",
    "ai_version": "26.0",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply