Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.5
CyberArk Endpoint Privilege Manager Agent: Unauthorized Privilege Elevation Risk
CVE-2026-2914
Summary
The CyberArk Endpoint Privilege Manager Agent, used for managing user privileges, has a security issue where an attacker could gain more access than they should. This could happen if a user is tricked into allowing an unauthorized elevation of privileges through a misleading prompt. Users should update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cyberark | endpoint_privilege_manager | <= 25.11.0 | – |
Original title
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs
Original description
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs
nvd CVSS3.1
7.8
nvd CVSS4.0
8.5
Vulnerability type
CWE-269
Improper Privilege Management
- https://docs.cyberark.com/epm/latest/en/content/release%20notes/release-notes.ht... Release Notes
- https://www.cyberark.com/product-security/ Permissions Required Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026