Home

Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

PUBLISHED Reserved 2026-05-08 | Published 2026-06-11 | Updated 2026-06-13 | Assigner palo_alto




HIGH: 8.9CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber

Problem types

[Discouraged] CWE-269: Improper Privilege Management

Product status

Default status
unaffected

26.0 (custom) before 26.5
affected

Timeline

2026-06-11:Initial publication.

Credits

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue finder

References

docs.cyberark.com/...content/release notes/rn-os-windows.htm vendor-advisory

docs.cyberark.com/...n/content/release notes/rn-os-macos.htm vendor-advisory

docs.cyberark.com/...n/content/release notes/rn-os-linux.htm vendor-advisory

cve.org (CVE-2026-45176)

nvd.nist.gov (CVE-2026-45176)

Download JSON