CVE-2026-2123
Received Received - Intake

Privilege Escalation in Operations Agent (<=12.29) on Windows

Vulnerability report for CVE-2026-2123, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: OpenText

Description

A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-07-06
AI Q&A
2026-03-31
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microfocus operations_agent From 12.22 (inc) to 12.29 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a privilege escalation issue found in the Operations Agent software (version 12.29 or earlier) on Windows systems. Under certain specific conditions, the Operations Agent may execute programs from particular writable locations, which could allow an attacker to run unauthorized code with elevated privileges.

Impact Analysis

The impact of this vulnerability is that an attacker with limited privileges could exploit it to gain higher-level access on the affected system. This could lead to unauthorized actions, such as installing malicious software, accessing sensitive data, or disrupting system operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2123. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart