CVE-2026-2914 PUBLISHED

Assigner: palo_alto
Reserved: 20.02.2026 Published: 25.02.2026 Updated: 25.02.2026

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor: CyberArk Software, a Palo Alto Networks Company
Product: Endpoint Privilege Manager Agent
Versions (default: unaffected):
  • affected from 25.10 to 25.12 (excl.)

Credits

  • CyberArk Software, a Palo Alto Networks Company thanks Christophe Rieunier - CERT La Poste for discovering this issue. (finder)

Problem Types

  • Insecure Permissions

Impacts

  • Escalation of Privileges