{"api_version":"1","generated_at":"2026-06-11T18:46:31+00:00","cve":"CVE-2026-10847","urls":{"html":"https://cve.report/CVE-2026-10847","api":"https://cve.report/api/cve/CVE-2026-10847.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-10847","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-10847"},"summary":{"title":"Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS","description":"A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.","state":"PUBLISHED","assigner":"checkpoint","published_at":"2026-06-11 14:16:26","updated_at":"2026-06-11 15:30:51"},"problem_types":["CWE-427","CWE-427 Uncontrolled Search Path Element"],"metrics":[{"version":"3.1","source":"cve@checkpoint.com","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://support.checkpoint.com/results/sk/sk185052","name":"https://support.checkpoint.com/results/sk/sk185052","refsource":"cve@checkpoint.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-10847","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10847","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"checkpoint","product":"Identity Agent","version":"affected Versions prior to 81.087.0000","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-10847","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-11T14:19:16.357809Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-11T14:20:43.159Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Identity Agent","vendor":"checkpoint","versions":[{"status":"affected","version":"Versions prior to 81.087.0000"}]}],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-11T13:52:11.651Z","orgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","shortName":"checkpoint"},"references":[{"name":"Check Point Security Advisory for CVE-2026-10847","tags":["vendor-advisory"],"url":"https://support.checkpoint.com/results/sk/sk185052"}],"title":"Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS"}},"cveMetadata":{"assignerOrgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","assignerShortName":"checkpoint","cveId":"CVE-2026-10847","datePublished":"2026-06-11T13:52:11.651Z","dateReserved":"2026-06-04T12:13:32.828Z","dateUpdated":"2026-06-11T14:20:43.159Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-11 14:16:26","lastModifiedDate":"2026-06-11 15:30:51","problem_types":["CWE-427","CWE-427 Uncontrolled Search Path Element"],"metrics":{"cvssMetricV31":[{"source":"cve@checkpoint.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"10847","Ordinal":"1","Title":"Local Privilege Escalation vulnerability in Check Point Identity","CVE":"CVE-2026-10847","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"10847","Ordinal":"1","NoteData":"A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.","Type":"Description","Title":"Local Privilege Escalation vulnerability in Check Point Identity"}]}}}