VYPR
High severity · NVD Advisory · Published Jun 11, 2026 · Updated Jun 11, 2026

CVE-2026-45175

Description

Improper access control in Idira EPM Agent versions prior to 26.5 allows local attackers to bypass security checks and execute unauthorized operations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Idira Endpoint Privilege Manager (EPM) Agent versions prior to 26.5 (including Windows, macOS, and Linux platforms) contain an improper access control vulnerability within internal agent validation processes. The flaw resides in the agent's self-defense mechanisms and cryptographic validation logic, which fail to enforce proper access restrictions under specific conditions. Versions before 26.5 are affected, as noted in the vendor's security bulletin and release notes [1][2][3].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system where the EPM Agent is installed. No special user privileges are required beyond the ability to interact with the agent's local processes or files. The attacker can trigger the flaw by manipulating the agent's internal state or input, bypassing the intended security controls. The exact sequence of steps is not detailed in the available references, but the attack relies on the agent's failure to properly validate access during internal operations [1][2].

Impact

Successful exploitation allows a local attacker to bypass the agent's self-defense mechanisms and execute unauthorized operations. This can lead to privilege escalation, arbitrary code execution, or other security policy violations, depending on the attacker's objectives. The integrity and confidentiality of the system are compromised, as the attacker gains the ability to override EPM's intended security controls [1][2][3].

Mitigation

The vulnerability is fixed in EPM Agent version 26.5.0 and later. Users are strongly advised to update their Windows, macOS, and Linux agents to version 26.5.0 or higher. No workarounds have been published for versions prior to 26.5, and upgrading is the only known mitigation. The issue is not listed on the CISA KEV catalog at the time of writing [1][2][3].

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is generated only when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
