CVE-2026-2123 | THREATINT

Description

A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability

PUBLISHED Reserved 2026-02-06 | Published 2026-03-31 | Updated 2026-03-31 | Assigner OpenText

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-280 Improper handling of insufficient permissions or privileges

Product status

Default status

unaffected

OA 12.22 (custom)

affected

References

portal.microfocus.com/s/article/KM000046068 customer-entitlement

cve.org (CVE-2026-2123)

nvd.nist.gov (CVE-2026-2123)

Download JSON