Skip to main content

Check Point Identity Agent CVE-2026-10847

| EUVDEUVD-2026-36247 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-06-11 cve@checkpoint.com GHSA-phqv-gxhh-jc8p
7.8
CVSS 3.1 · Vendor: checkpoint
Share

Severity by source

Vendor (checkpoint) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local-only attack from an authenticated standard user (AV:L/PR:L), no user interaction or special complexity, and successful hijack yields SYSTEM with full C/I/A impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (checkpoint).

CVSS VectorVendor: checkpoint

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 11, 2026 - 14:30 vuln.today
CVE Published
Jun 11, 2026 - 14:16 cve.org
HIGH 7.8

DescriptionCVE.org

A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.

AnalysisAI

Local privilege escalation in Check Point Identity Agent Full for Windows allows an authenticated local user to execute arbitrary code with SYSTEM privileges through improper executable resolution during the log collection process. The flaw is a classic CWE-427 uncontrolled search path issue, and no public exploit has been identified at time of analysis. Exploitation is constrained to attackers who already have a foothold on the endpoint but provides a reliable path to full SYSTEM compromise.

Technical ContextAI

Check Point Identity Agent Full is a Windows endpoint client that maps logged-in users to IP addresses for Check Point gateway policy enforcement, typically running with elevated privileges as a Windows service. The vulnerability is categorized as CWE-427 (Uncontrolled Search Path Element), meaning the log-collection routine resolves an executable name without specifying a fully qualified, trusted path or otherwise validating the target binary. On Windows, this class of flaw typically manifests as DLL or EXE hijacking, where a privileged process loads an attacker-controlled binary from a writable directory that appears earlier in the search order than the legitimate one.

RemediationAI

Patch available per vendor advisory - consult Check Point sk185052 at https://support.checkpoint.com/results/sk/sk185052 for the fixed Identity Agent Full build and upgrade all Windows endpoints accordingly; exact fix version is not disclosed in the provided input. As compensating controls until patches are deployed, restrict local interactive logon on endpoints running Identity Agent to trusted users (limits the local foothold prerequisite), audit and remove write permissions for non-admin users on directories that appear in the SYSTEM PATH or in the Identity Agent installation path (mitigates planting of a hijack binary), and monitor process-creation telemetry for the Identity Agent service spawning unexpected children, especially during log-collection cycles. Side effects: tightening PATH/directory ACLs may break poorly written third-party installers that rely on world-writable program directories.

CVE-2017-1000083 HIGH POC
7.8 Sep 05

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e

CVE-2024-3568 CRITICAL POC
9.6 Apr 10

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2022-41604 HIGH POC
8.8 Sep 27

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high sever

CVE-2024-24919 HIGH POC
8.6 May 28

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the inte

CVE-2026-58659 HIGH POC
8.4 Jul 15

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che

CVE-2019-8461 HIGH POC
7.8 Aug 29

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo

CVE-2019-8452 HIGH POC
7.8 Apr 22

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien

CVE-2013-7350 CRITICAL
10.0 Apr 01

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x bef

CVE-2026-31214 CRITICAL
9.8 May 12

Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to exec

CVE-2019-8459 CRITICAL
9.8 Jun 20

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without us

CVE-2026-31222 HIGH
8.8 May 12

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoin

Share

CVE-2026-10847 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy