CVE-2026-45175
Awaiting Analysis - Queue
Improper Access Control in Idira Endpoint Privilege Manager Agent

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Palo Alto Networks, Inc.

Description
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations.

CyberArk Security Bulletin: CA26-19
Meta Information
Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
cyberark endpoint_privilege_manager 26.5
cyberark endpoint_privilege_manager 26.4
cyberark endpoint_privilege_manager 26.3
cyberark endpoint_privilege_manager 26.2
cyberark endpoint_privilege_manager 26.6
cyberark endpoint_privilege_manager 26.2.1
cyberark endpoint_privilege_manager 26.5.0
cyberark endpoint_privilege_manager 26.4.0
cyberark endpoint_privilege_manager 26.3.2
cyberark endpoint_privilege_manager 26.3.0
cyberark endpoint_privilege_manager 26.2.0
cyberark endpoint_privilege_manager 26.6.0
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Executive Summary

The vulnerability in Idira Endpoint Privilege Manager Agent versions prior to 26.5 involves improper access control within the internal agent validation processes.

A local attacker could exploit this flaw to bypass built-in security controls or cryptographic validations.

Under certain conditions, this allows the attacker to circumvent the agent's self-defense mechanisms and perform unauthorized operations on the system.

Impact Analysis

This vulnerability can allow a local attacker to bypass security controls and cryptographic checks within the Endpoint Privilege Manager Agent.

As a result, the attacker could disable or circumvent the agent's self-defense features, potentially leading to unauthorized actions or privilege escalations on the affected system.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Idira Endpoint Privilege Manager Agent to version 26.5 or later, which introduces enhanced security features, including improved script validation and security improvements across platforms.

  • For macOS, update to version 26.5.0, which includes macOS Script Validation via Team ID and Signing ID to prevent tampered scripts from executing.
  • For Linux, update to version 26.5.0, which focuses on security and performance improvements.
  • For Windows, update to version 26.5.0, which includes security and performance improvements.

Compliance Impact

The provided information does not specify how the vulnerability in Idira Endpoint Privilege Manager Agent versions prior to 26.5 impacts compliance with common standards and regulations such as GDPR or HIPAA.
