CVE-2026-2123
Received Received - Intake
Privilege Escalation in Operations Agent (<=12.29) on Windows

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: OpenText

Description
A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2123
EUVD
EUVD-2026-17534
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microfocus operations_agent From 12.22 (inc) to 12.29 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a privilege escalation issue found in the Operations Agent software (version 12.29 or earlier) on Windows systems. Under certain specific conditions, the Operations Agent may execute programs from particular writable locations, which could allow an attacker to run unauthorized code with elevated privileges.

Impact Analysis

The impact of this vulnerability is that an attacker with limited privileges could exploit it to gain higher-level access on the affected system. This could lead to unauthorized actions, such as installing malicious software, accessing sensitive data, or disrupting system operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2123. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart