CVE-2026-45176 HIGH

CVE-2026-45176: Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation

Vendor Cyberark Software, A Palo Alto Networks Company
Product Idira Endpoint Privilege Manager
Weakness CWE-269
Published June 11, 2026
Last update June 13, 2026

CVSS base score

8.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber

What the vulnerability does

01Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

Key dates

02Disclosure timeline

June 11, 2026 CVE published
June 13, 2026 Record updated