CVE-2026-45176
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CWE: CWE-269
Description
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45176
- Other: https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650
- Other: https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-macos.htm#Version2650
- Other: https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-windows.htm#Version2650
Related CVEs
Same CWE
- CVE-2026-12018 — Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level pri... (8.8 HIGH)
- CVE-2025-31272 — The issue was addressed with improved checks (7.8 HIGH)
- CVE-2026-50570 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
- CVE-2026-50566 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
- CVE-2026-50565 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (4.9 MEDIUM)