Improper Access Control in Idira Endpoint Privilege Manager Agent by CyberArk
CVE-2026-45175
8.5HIGH
Key Information:
- Vendor
- CVE Published:
- 11 June 2026
Badges
👾 Exploit Exists
What is CVE-2026-45175?
The Idira Endpoint Privilege Manager Agent prior to version 26.5 has a flaw in its internal agent validation processes, allowing local attackers to bypass essential security features. This may result in the circumvention of agent self-defense mechanisms, enabling the execution of unauthorized operations. It is crucial for users to update their systems to version 26.5 or later to mitigate this risk. For more details, refer to the CyberArk security bulletins.
Affected Version(s)
Idira Endpoint Privilege Manager Windows 26.0 < 26.5
References
CVSS V4
Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
