Improper Access Control in CyberArk Idira Endpoint Privilege Manager Agent
CVE-2026-45176
8.9HIGH
Key Information:
- Vendor
- CVE Published:
- 11 June 2026
Badges
👾 Exploit Exists
What is CVE-2026-45176?
CyberArk's Idira Endpoint Privilege Manager Agent prior to version 26.5 contains an improper access control vulnerability within its high-privileged components. This flaw allows a local attacker with low privileges to exploit internal communication mechanisms or file operations. By taking advantage of this vulnerability, the attacker may bypass permission restrictions and execute unauthorized actions locally with elevated privileges, raising significant security concerns.
Affected Version(s)
Idira Endpoint Privilege Manager Windows 26.0 < 26.5
References
CVSS V4
Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
