VYPR
← All advisories
High severityNVD Advisory· Published Jun 11, 2026

CVE-2026-45174

CVE-2026-45174

Description

A local attacker can compromise the initialization of the Idira EPM Linux Agent daemon in versions prior to 26.5, potentially leading to privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local attacker can compromise the initialization of the Idira EPM Linux Agent daemon in versions prior to 26.5, potentially leading to privilege escalation.

Vulnerability

The Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 contain a vulnerability in the agent daemon initialization process. The exact nature of the flaw is not detailed in public references, but it affects the startup sequence of the agent service. [1]

Exploitation

A local attacker with access to the system can exploit this vulnerability by triggering or influencing the agent daemon initialization. The attacker does not require any special authentication beyond local user access. The specific steps are not disclosed, but the flaw is reachable during the daemon startup process. [1]

Impact

Successful exploitation could allow the attacker to compromise the agent daemon initialization, potentially leading to arbitrary code execution in the context of the agent (which typically runs with elevated privileges). This could result in full compromise of the affected system. The impact is rated as High by CyberArk. [1]

Mitigation

The vulnerability is fixed in version 26.5.0 of the Idira Endpoint Privilege Manager Linux Agent. Users should upgrade to this version or later. No workarounds have been publicly disclosed. [1]

References
  1. Release notes for the Linux EPM agent

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.