CVE Catalog

CVE-2026-45176

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation.

Risk Assessment

This could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges, posing a serious security risk to the system.

Recommendation

It is recommended to upgrade to version 26.5 or later to mitigate this vulnerability and implement additional security measures to protect against local attacks.

Original NVD description (English source)

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

Vulnerability data from NVD (NIST) · CISA KEV · EPSS