CVE-2026-45176
Analyzed Analyzed - Analysis Complete

Improper Access Control in Idira Endpoint Privilege Manager Agent

Vulnerability report for CVE-2026-45176, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-11

Last updated on: 2026-06-22

Assigner: Palo Alto Networks, Inc.

Description

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this could potentially allow the attacker to bypass permission restrictions and execute unauthorized local actions with elevated privileges. CyberArk Security Bulletin: CA26-19

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-11
Last Modified
2026-06-22
Generated
2026-07-02
AI Q&A
2026-06-12
EPSS Evaluated
2026-06-30
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
paloaltonetworks idira_endpoint_privilege_manager to 26.5.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how the vulnerability in Idira Endpoint Privilege Manager Agent affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The vulnerability in Idira Endpoint Privilege Manager Agent versions prior to 26.5 involves improper access control within high-privileged agent components.

A local attacker with low privileges could exploit this flaw by manipulating internal communication mechanisms or file operations.

Under certain conditions, this exploitation could allow the attacker to bypass permission restrictions and perform unauthorized local actions with elevated privileges.

Impact Analysis

This vulnerability can allow a local low-privileged attacker to escalate their privileges on the affected system.

By bypassing permission restrictions, the attacker could execute unauthorized actions that normally require higher privileges, potentially compromising system security and integrity.

Mitigation Strategies

To mitigate this vulnerability, upgrade the Idira Endpoint Privilege Manager Agent to version 26.5 or later, as this version includes security and performance improvements that address improper access control issues.

Ensure that you are using the Palo Alto Networks-signed PKG installation method on macOS for secure installation, as the unsigned custom PKG method is deprecated and planned for removal.

Review and apply the latest security enhancements and configuration best practices provided in the release notes for your platform (macOS, Linux, or Windows) to reduce the risk of exploitation.

Detection Guidance

This vulnerability affects Idira Endpoint Privilege Manager Agent versions prior to 26.5. To detect if your system is vulnerable, you should first verify the installed version of the CyberArk Endpoint Privilege Manager (EPM) agent on your endpoints.

For Windows systems, you can check the installed EPM agent version by running the following command in PowerShell or Command Prompt:

  • wmic product where "name like '%Endpoint Privilege Manager%'" get name, version

For Linux systems, you can check the installed package version using commands such as:

  • rpm -qa | grep endpoint_privilege_manager
  • or
  • dpkg -l | grep endpoint_privilege_manager

For macOS systems, you can check the installed EPM agent version by running:

  • pkgutil --pkg-info com.cyberark.endpointprivilegemanager

If the version is prior to 26.5, your system is potentially vulnerable to this privilege escalation issue. Additionally, monitoring for unusual local privilege escalations or unauthorized access attempts related to internal communication mechanisms or file operations of the EPM agent could help detect exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart