{"api_version":"1","generated_at":"2026-06-14T09:45:55+00:00","cve":"CVE-2026-45176","urls":{"html":"https://cve.report/CVE-2026-45176","api":"https://cve.report/api/cve/CVE-2026-45176.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45176","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45176"},"summary":{"title":"Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation","description":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19","state":"PUBLISHED","assigner":"palo_alto","published_at":"2026-06-11 19:16:41","updated_at":"2026-06-11 20:56:29"},"problem_types":["CWE-269","CWE-269 [Discouraged] CWE-269: Improper Privilege Management"],"metrics":[{"version":"4.0","source":"psirt@paloaltonetworks.com","type":"Secondary","score":"8.9","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"8.9","severity":"HIGH","vector":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.9,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}}],"references":[{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650","name":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650","name":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650","name":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650","refsource":"psirt@paloaltonetworks.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45176","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45176","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"CyberArk Software, a Palo Alto Networks Company","product":"Idira Endpoint Privilege Manager","version":"affected 26.0 26.5 custom","platforms":["Windows","macOS","Linux"]}],"timeline":[{"source":"CNA","time":"2026-06-11T17:10:00.000Z","lang":"en","value":"Initial publication."}],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.","time":"","lang":"en"}],"credits":[{"source":"CNA","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45176","cve":"CVE-2026-45176","epss":"0.000130000","percentile":"0.020120000","score_date":"2026-06-13","updated_at":"2026-06-14 00:08:31"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-45176","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-11T19:01:45.789119Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-11T19:02:13.450Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","macOS","Linux"],"product":"Idira Endpoint Privilege Manager","vendor":"CyberArk Software, a Palo Alto Networks Company","versions":[{"changes":[{"at":"26.5","status":"unaffected"}],"lessThan":"26.5","status":"affected","version":"26.0","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:windows:*:*:*:*:*","versionEndExcluding":"26.5","versionStartIncluding":"26.0","vulnerable":true},{"criteria":"cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:macos:*:*:*:*:*","versionEndExcluding":"26.5","versionStartIncluding":"26.0","vulnerable":true},{"criteria":"cpe:2.3:a:cyberark_software_a_palo_alto_networks_company:idira_endpoint_privilege_manager:*:*:linux:*:*:*:*:*","versionEndExcluding":"26.5","versionStartIncluding":"26.0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue"}],"datePublic":"2026-06-11T17:10:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19"}],"value":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19"}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"HIGH","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.9,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"[Discouraged] CWE-269: Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-11T18:49:00.712Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["vendor-advisory"],"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650"},{"tags":["vendor-advisory"],"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650"},{"tags":["vendor-advisory"],"url":"https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650"}],"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2026-06-11T17:10:00.000Z","value":"Initial publication."}],"title":"Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2026-45176","datePublished":"2026-06-11T18:49:00.712Z","dateReserved":"2026-05-08T23:01:00.502Z","dateUpdated":"2026-06-11T19:02:13.450Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-11 19:16:41","lastModifiedDate":"2026-06-11 20:56:29","problem_types":["CWE-269","CWE-269 [Discouraged] CWE-269: Improper Privilege Management"],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45176","Ordinal":"1","Title":"Idira Endpoint Privilege Manager Agent: Local Privilege Escalati","CVE":"CVE-2026-45176","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45176","Ordinal":"1","NoteData":"Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19","Type":"Description","Title":"Idira Endpoint Privilege Manager Agent: Local Privilege Escalati"}]}}}