{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2123", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2026-02-06T14:55:51.920Z", "datePublished": "2026-03-31T17:18:43.202Z", "dateUpdated": "2026-03-31T18:00:56.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-31T17:18:43.202Z"}, "title": "Privilege escalation vulnerability in Operations Agent", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-280", "description": "CWE-280 Improper handling of insufficient permissions or privileges", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "affected": [{"vendor": "OpenText", "product": "Operations Agent", "platforms": ["Windows"], "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "packageName": "OvEaAgt", "repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "modules": ["libopc_r"], "programFiles": ["ntproc.c"], "versions": [{"status": "affected", "version": "OA 12.22", "lessThanOrEqual": "OA 12.29", "changes": [{"at": "OA 12.30", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><p>A security audit identified a privilege escalation\nvulnerability in Operations Agent(&lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.<span>Thanks to Manuel Rickli &amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability</span></p></div>"}]}], "tags": ["x_oa_privilege_escalation"], "references": [{"url": "https://portal.microfocus.com/s/article/KM000046068", "tags": ["customer-entitlement"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "solutions": [{"lang": "en", "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The hotfix can be downloaded from the&nbsp;<a href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\">Marketplace</a>&nbsp;for the OA versions mentioned below.&nbsp;</p><p>Please follow the readme.txt\nincluded in the hotfix zip file for&nbsp;install instructions.&nbsp;</p><p>OA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar</p><p>OA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar&nbsp;</p><p>OA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar</p><p>OA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar</p><p>OA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar</p><p>OA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar</p><p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n</p><p>&nbsp;</p>"}]}], "source": {"defect": ["2761008"], "advisory": "2761008", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:58:14.103027Z", "id": "CVE-2026-2123", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:00:56.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T17:58:14.103027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:00:14.961Z"}}], "cna": {"tags": ["x_oa_privilege_escalation"], "title": "Privilege escalation vulnerability in Operations Agent", "source": {"defect": ["2761008"], "advisory": "2761008", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "vendor": "OpenText", "modules": ["libopc_r"], "product": "Operations Agent", "versions": [{"status": "affected", "changes": [{"at": "OA 12.30", "status": "unaffected"}], "version": "OA 12.22", "versionType": "custom", "lessThanOrEqual": "OA 12.29"}], "platforms": ["Windows"], "packageName": "OvEaAgt", "programFiles": ["ntproc.c"], "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar", "supportingMedia": [{"type": "text/html", "value": "<p>The hotfix can be downloaded from the&nbsp;<a href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\">Marketplace</a>&nbsp;for the OA versions mentioned below.&nbsp;</p><p>Please follow the readme.txt\nincluded in the hotfix zip file for&nbsp;install instructions.&nbsp;</p><p>OA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar</p><p>OA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar&nbsp;</p><p>OA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar</p><p>OA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar</p><p>OA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar</p><p>OA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar</p><p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n</p><p>&nbsp;</p>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000046068", "tags": ["customer-entitlement"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability", "supportingMedia": [{"type": "text/html", "value": "<div><p>A security audit identified a privilege escalation\nvulnerability in Operations Agent(&lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.<span>Thanks to Manuel Rickli &amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability</span></p></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-280", "description": "CWE-280 Improper handling of insufficient permissions or privileges"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-31T17:18:43.202Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2123", "state": "PUBLISHED", "dateUpdated": "2026-03-31T18:00:56.901Z", "dateReserved": "2026-02-06T14:55:51.920Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2026-03-31T17:18:43.202Z", "assignerShortName": "OpenText"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6956571-9969-4994-8581-EF3E6EB77048", "versionEndIncluding": "12.29", "versionStartIncluding": "12.22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of\nOneconsult AG for reporting this vulnerability"}], "id": "CVE-2026-2123", "lastModified": "2026-04-03T18:46:01.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-03-31T18:16:46.293", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000046068"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-280"}], "source": "security@opentext.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[OA 12.22,OA 12.29]"}}, {"platform": ["Windows"], "status": "unaffected", "versions": {"scheme": "generic", "value": "OA 12.30"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "operations_agent", "vendor": "opentext"}], "analysis": {"en": {"generated_at": "2026-03-31T18:20:51.262436+00:00", "value": {"mitigation_remediation": ["Verify the Operations Agent version on your Windows servers. If the version is 12.29 or earlier, consider it vulnerable until patched. Download the appropriate hotfix from the OpenText Marketplace for your version. Apply the hotfix following the instructions in the readme.txt bundled with the .tar file. After installation, confirm that executables cannot be launched from the previously writable locations. If immediate patching is not possible, restrict write access to those directories to prevent an attacker from dropping malicious files."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "OpenText Operations Agent versions 12.24 through 12.29 running on Windows are affected. Impacted binaries include HFWIN_1224028.tar through HFWIN_1229007.tar, each corresponding to a specific OA release within the 12.24 to 12.29 range.", "description_and_impact": "The vulnerability in OpenText Operations Agent allows an attacker to execute arbitrary programs from writable locations on a Windows system. By doing so, the attacker can gain elevated privileges, effectively bypassing security controls and accessing system resources that should be protected. This flaw is classified as a user-controlled write weakness (CWE\u2011280) and can result in arbitrary code execution with higher privileges.", "risk_and_exploitability": "With a CVSS score of 8.6, this issue is considered high risk. Exploitation requires the attacker to write files to specific directories that the agent processes, which may be achievable through local, compromised, or shared user accounts. The vulnerability is not yet listed in the CISA KEV catalog, and EPSS data is not available, but the high severity indicates a significant risk if the conditions are met."}}}}, "created": "2026-03-31T19:53:48.034823+00:00", "updated": "2026-03-31T20:37:45.773110+00:00", "vendors": ["opentext", "opentext$PRODUCT$operations_agent"]}