PatchSiren cyber security CVE debrief
CVE-2026-45175 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45175 is a HIGH-severity vulnerability in Idiria Endpoint Privilege Manager Agent versions prior to 26.5. The vulnerability, reported by CyberArk, allows a local attacker to potentially bypass built-in security controls or cryptographic validations, enabling unauthorized operations. The CVSS score for this vulnerability is 8.5.
- Vendor
- CyberArk Software, a Palo Alto Networks Company
- Product
- Idira Endpoint Privilege Manager
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of Idiria Endpoint Privilege Manager Agent versions prior to 26.5 should apply the patches to prevent potential local attacks.
Technical summary
The vulnerability is caused by improper access control within internal agent validation processes in Idiria Endpoint Privilege Manager Agent versions prior to 26.5. This could allow a local attacker to bypass built-in security controls or cryptographic validations and execute unauthorized operations.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches for Idiria Endpoint Privilege Manager Agent versions prior to 26.5.
- Refer to the release notes for version 26.50: [Linux](resourceLinkAnnotations.ref-4), [macOS](resourceLinkAnnotations.ref-5), [Windows](resourceLinkAnnotations.ref-6).
Evidence notes
The CVE record was published on [CVE.org](resourceLinkAnnotations.cve-org). The NVD detail can be found on [NVD](resourceLinkAnnotations.nvd).
Official resources
CVE-2026-45175 was published on 2026-06-11T20:16:22.653Z and modified on 2026-06-11T20:56:29.653Z.