CVE-2026-45176

Vulnerability

The Idira Endpoint Privilege Manager Agent (Windows, macOS, Linux) versions prior to 26.5.0 exhibit improper access control within high-privileged agent components. A local low-privileged attacker can manipulate an internal communication mechanism or file operation to bypass permission restrictions. The issue is addressed in version 26.5.0 as per the release notes [1][2][3].

Exploitation

Exploitation requires local access to the system with a low-privileged account. The attacker manipulates an internal communication mechanism or file operation used by the agent. The exact steps are not publicly disclosed, but the manipulation allows the attacker to trigger unauthorized actions within the agent's high-privileged components. No user interaction beyond the initial access is required.

Impact

Successful exploitation allows the attacker to execute local actions with elevated privileges, effectively bypassing permission restrictions. This could lead to privilege escalation from a low-privileged user to high-privileged (e.g., SYSTEM or root) within the affected system. The impact is confined to local unauthorized actions; remote exploitation is not possible.

Mitigation

The vulnerability is fixed in Idira EPM Agent version 26.5.0 (released with the 26.5.0 update). Users should upgrade to version 26.5.0 or later. The release notes for Windows [1], macOS [2], and Linux [3] agents confirm the security fix. If upgrading is not immediately possible, restrict local access to trusted users as a workaround. No evidence of exploitation in the wild or listing on CISA KEV as of the publication date.