Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes
CVE-2026-45175

8.5HIGH

Key Information:

Vendor

Cyberark Software, A Palo Alto Networks Company

Status
Idira Endpoint Privilege Manager
Vendor
CVE Published:
11 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-45175?

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19

Affected Version(s)

Idira Endpoint Privilege Manager Windows 26.0 < 26.5

References

https://docs.cyberark.com/epm/latest/en/content/release%2...
vendor-advisory
https://docs.cyberark.com/epm/latest/en/content/release%2...
vendor-advisory
https://docs.cyberark.com/epm/latest/en/content/release%2...
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
.