Improper Access Control in CyberArk Idira Endpoint Privilege Manager Agent
CVE-2026-45176

8.9HIGH

What is CVE-2026-45176?

CyberArk's Idira Endpoint Privilege Manager Agent prior to version 26.5 contains an improper access control vulnerability within its high-privileged components. This flaw allows a local attacker with low privileges to exploit internal communication mechanisms or file operations. By taking advantage of this vulnerability, the attacker may bypass permission restrictions and execute unauthorized actions locally with elevated privileges, raising significant security concerns.

Affected Version(s)

Idira Endpoint Privilege Manager Windows 26.0 < 26.5

References

CVSS V4

Score:
8.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue
.