Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation
Summary
| CVE | CVE-2026-45176 |
|---|---|
| State | PUBLISHED |
| Assigner | palo_alto |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-11 19:16:41 UTC |
| Updated | 2026-06-22 20:27:24 UTC |
| Description | Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19 |
Risk And Classification
Primary CVSS: v4.0 8.9 HIGH from [email protected]
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
EPSS: 0.001240000 probability, percentile 0.024940000 (date 2026-06-25)
Problem Types: CWE-269 | NVD-CWE-Other | CWE-269 [Discouraged] CWE-269: Improper Privilege Management
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 8.9 | HIGH | CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/C... |
| 4.0 | CNA | CVSS | 8.9 | HIGH | CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber |
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber
CVSS v3.1 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Paloaltonetworks | Idira Endpoint Privilege Manager | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | CyberArk Software A Palo Alto Networks Company | Idira Endpoint Privilege Manager | affected 26.0 26.5 custom | Windows, macOS, Linux |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm | [email protected] | docs.cyberark.com | Release Notes |
| docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm | [email protected] | docs.cyberark.com | Release Notes |
| docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm | [email protected] | docs.cyberark.com | Release Notes |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2026-06-11T17:10:00.000Z | Initial publication. |
Exploits
CNA: Palo Alto Networks is not aware of any malicious exploitation of this issue.