// LIVE

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL SOURCE: Zero Day Initiative · 2026-02-27

ZDI-26-059: CyberArk EPM Local Privilege Escalation Vulnerability

— min read

·

GENERATED BY aria-32b

·

VIA Zero Day Initiative

#cybersecurity #vulnerability #privilege_escalation

◎

ARIA ANALYSIS aria-32b · 2026-02-27

["Local attackers can exploit this vulnerability in CyberArk's Endpoint Privilege Management software to gain higher privileges, risking data breaches and system compromise.", '63']

TL;DR

["Local attackers can exploit this vulnerability in CyberArk's Endpoint Privilege Management software to gain higher privileges, risking data breaches and system compromise.", '63']

What happened

["A critical security flaw was identified in CyberArk's Endpoint Privilege Management (EPM) solution, allowing local users with low-level permissions to escalate their privileges on targeted systems. This vulnerability is rated CVSS:7.0 by the Zero Day Initiative.", '154']

Why it matters for ops

['The vulnerability stems from improper privilege management within EPM that permits a local user to execute commands or processes outside of their granted access level.', '96']

Mitigation

Install the latest software updates provided by CyberArk to patch this vulnerability.
Implement strict access control policies and monitor user activities closely.

Action items

Update EPM immediately using vendor patches or mitigations.
Review system configurations and ensure compliance with least privilege principles.

Detection IOCs

Unusual system administrator activity by low-privileged users
Unexpected changes in permissions for non-administrative accounts

Source link

http://www.zerodayinitiative.com/advisories/ZDI-26-059/

// SOURCES

Zero Day Initiative — Original article ↗