Description
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
Published: 2026-06-11
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local user can trigger the flaw by initiating the log collection process in the Identity Agent, causing the agent to resolve a supplied path to an executable without proper validation. This allows the attacker to run arbitrary code as the SYSTEM account, giving full control over the Windows machine.

Affected Systems

The vulnerability affects Check Point Identity Agent Full running on Windows operating systems. No specific version numbers are cited in the available documentation.

Risk and Exploitability

The CVSS score of 7.8 signals a high severity flaw. It is not listed in the CISA KEV catalog and no EPSS score is provided, but the local‑only attack vector and requirement for an authenticated user means the risk is significant in environments where local accounts are not tightly restricted.

Generated by OpenCVE AI on June 11, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade to the latest version of Check Point Identity Agent Full.
  • Restrict local accounts to roles with the least privilege required for legitimate use, ensuring the attacker has no ability to execute the vulnerable process.
  • If possible, disable or isolate the log collection feature that performs untrusted executable resolution, to eliminate the exploitation pathway.
  • Continuously monitor system logs for unusual execution events or privilege‑elevation attempts that may indicate exploitation.

Generated by OpenCVE AI on June 11, 2026 at 20:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint
Checkpoint identity Agent
Vendors & Products Checkpoint
Checkpoint identity Agent

Thu, 11 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.
Title Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Checkpoint Identity Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-11T14:20:43.159Z

Reserved: 2026-06-04T12:13:32.828Z

Link: CVE-2026-10847

cve-icon Vulnrichment

Updated: 2026-06-11T14:20:39.322Z

cve-icon NVD

Status : Deferred

Published: 2026-06-11T14:16:26.060

Modified: 2026-06-11T15:30:51.693

Link: CVE-2026-10847

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T21:15:06Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element