CVE-2026-45174 | Idira Endpoint Privilege Manager Linux Agent versions prior … | CVSS 8.5 HIGH

Description

Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19

Metadata

CVE ID: CVE-2026-45174
State: PUBLISHED
Assigner: palo_alto
Reserved: 2026-05-08 23:01 UTC
Published: 2026-06-11 21:22 UTC
Last updated: 2026-06-13 03:55 UTC
Primary CWE: CWE-404
CWE-404: Improper Resource Shutdown or Release
Vendor / Product: CyberArk Software, a Palo Alto Networks Company / Idira Endpoint Privilege Manager
Sources: cve.org · NVD

Severity & Metrics

8.5 HIGH CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
CyberArk Software, a Palo Alto Networks Company	Idira Endpoint Privilege Manager	Linux	26.0 < 26.5

Weakness (CWE)

CWE	Source	Description
CWE-404	cna	CWE-404: Improper Resource Shutdown or Release

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Amber

References (1)

https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-os-linux.htm#Version2650