Improper Access Control in Idira Endpoint Privilege Manager Agent by CyberArk
CVE-2026-45175

8.5HIGH

What is CVE-2026-45175?

The Idira Endpoint Privilege Manager Agent prior to version 26.5 has a flaw in its internal agent validation processes, allowing local attackers to bypass essential security features. This may result in the circumvention of agent self-defense mechanisms, enabling the execution of unauthorized operations. It is crucial for users to update their systems to version 26.5 or later to mitigate this risk. For more details, refer to the CyberArk security bulletins.

Affected Version(s)

Idira Endpoint Privilege Manager Windows 26.0 < 26.5

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
.