PatchSiren cyber security CVE debrief
CVE-2026-45176 CyberArk Software, a Palo Alto Networks Company CVE debrief
CVE-2026-45176 is a HIGH-severity vulnerability in Idiria Endpoint Privilege Manager Agent versions prior to 26.5. The vulnerability exhibits improper access control within high-privileged agent components, allowing a local, low-privileged attacker to potentially bypass permission restrictions and execute unauthorized local actions with elevated privileges.
- Vendor: CyberArk Software, a Palo Alto Networks Company
- Product: Idira Endpoint Privilege Manager
- CVSS: HIGH 8.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Administrators and users of Idiria Endpoint Privilege Manager Agent versions prior to 26.5 are exposed to this vulnerability and should apply the mitigations listed under Recommended defensive actions.
Technical summary
The vulnerability has a CVSS score of 8.9 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Idiria Endpoint Privilege Manager Agent to version 26.5 or later.
- Review and implement secure practices for local privilege management.
Evidence notes
The vulnerability is described in CyberArk Security Bulletin: CA26-19. References to release notes for Linux, macOS, and Windows versions can be found at resourceLinkAnnotations 'ref-4', 'ref-5', and 'ref-6'.
Official resources
CVE-2026-45176 was published on 2026-06-11T19:16:41.757Z and modified on 2026-06-11T20:56:29.653Z.