{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2123", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2026-02-06T14:55:51.920Z", "datePublished": "2026-03-31T17:18:43.202Z", "dateUpdated": "2026-03-31T18:00:56.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-31T17:18:43.202Z"}, "title": "Privilege escalation vulnerability in Operations Agent", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-280", "description": "CWE-280 Improper handling of insufficient permissions or privileges", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "OpenText", "product": "Operations Agent", "platforms": ["Windows"], "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "packageName": "OvEaAgt", "repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "modules": ["libopc_r"], "programFiles": ["ntproc.c"], "versions": [{"status": "affected", "version": "OA 12.22", "lessThanOrEqual": "OA 12.29", "changes": [{"at": "OA 12.30", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><p>A security audit identified a privilege escalation\nvulnerability in Operations Agent(&lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.<span>Thanks to Manuel Rickli &amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability</span></p></div>"}]}], "tags": ["x_oa_privilege_escalation"], "references": [{"url": "https://portal.microfocus.com/s/article/KM000046068", "tags": ["customer-entitlement"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "solutions": [{"lang": "en", "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The hotfix can be downloaded from the&nbsp;<a href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\">Marketplace</a>&nbsp;for the OA versions mentioned below.&nbsp;</p><p>Please follow the readme.txt\nincluded in the hotfix zip file for&nbsp;install instructions.&nbsp;</p><p>OA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar</p><p>OA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar&nbsp;</p><p>OA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar</p><p>OA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar</p><p>OA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar</p><p>OA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar</p><p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n</p><p>&nbsp;</p>"}]}], "source": {"defect": ["2761008"], "advisory": "2761008", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:58:14.103027Z", "id": "CVE-2026-2123", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:00:56.901Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2123", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2026-02-06T14:55:51.920Z", "datePublished": "2026-03-31T17:18:43.202Z", "dateUpdated": "2026-03-31T18:00:56.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-31T17:18:43.202Z"}, "title": "Privilege escalation vulnerability in Operations Agent", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-280", "description": "CWE-280 Improper handling of insufficient permissions or privileges", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "OpenText", "product": "Operations Agent", "platforms": ["Windows"], "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "packageName": "OvEaAgt", "repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "modules": ["libopc_r"], "programFiles": ["ntproc.c"], "versions": [{"status": "affected", "version": "OA 12.22", "lessThanOrEqual": "OA 12.29", "changes": [{"at": "OA 12.30", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><p>A security audit identified a privilege escalation\nvulnerability in Operations Agent(&lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.<span>Thanks to Manuel Rickli &amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability</span></p></div>"}]}], "tags": ["x_oa_privilege_escalation"], "references": [{"url": "https://portal.microfocus.com/s/article/KM000046068", "tags": ["customer-entitlement"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "solutions": [{"lang": "en", "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The hotfix can be downloaded from the&nbsp;<a href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\">Marketplace</a>&nbsp;for the OA versions mentioned below.&nbsp;</p><p>Please follow the readme.txt\nincluded in the hotfix zip file for&nbsp;install instructions.&nbsp;</p><p>OA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar</p><p>OA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar&nbsp;</p><p>OA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar</p><p>OA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar</p><p>OA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar</p><p>OA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar</p><p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n</p><p>&nbsp;</p>"}]}], "source": {"defect": ["2761008"], "advisory": "2761008", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T17:58:14.103027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:00:14.961Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability"}], "id": "CVE-2026-2123", "lastModified": "2026-03-31T18:16:46.293", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-03-31T18:16:46.293", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000046068"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-280"}], "source": "security@opentext.com", "type": "Primary"}]}

{}

{}