CVE-2026-2914

HIGH WAF: Low

CVSS 7.8 Published: 2026-02-25

CWE-269 CWE-269

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs

WAF Coverage Analysis

Improper Privilege Management Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Improper Privilege Management Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Affected Software

Vendor	Product	Version
cyberark	endpoint_privilege_manager	up to 25.11.0

References

docs.cyberark.com (Release Notes)
www.cyberark.com (Permissions Required, Vendor Advisory)

Back to CVE Database