CVE-2026-2123
Privilege Escalation in Operations Agent (<=12.29) on Windows
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: OpenText
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microfocus | operations_agent | From 12.22 (inc) to 12.29 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a privilege escalation issue found in the Operations Agent software (version 12.29 or earlier) on Windows systems. Under certain specific conditions, the Operations Agent may execute programs from particular writable locations, which could allow an attacker to run unauthorized code with elevated privileges.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker with limited privileges could exploit it to gain higher-level access on the affected system. This could lead to unauthorized actions, such as installing malicious software, accessing sensitive data, or disrupting system operations.