CVE-2026-45175
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CWE
- CWE-295
Description
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45175
- [Other]https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650control
- [Other]https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650
- [Other]https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650
Related CVEs
Same CWE
- CVE-2026-45170 — Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validati...
- CVE-2026-40992 — Spring Boot's Mail auto-configuration does not enable hostname verification (5.0 MEDIUM)
- CVE-2026-53475 — A flaw was found in assisted-migration-agent (9.3 CRITICAL)
- CVE-2026-9758 — Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered tru... (7.3 HIGH)
- CVE-2026-41714 — Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(... (4.0 MEDIUM)