Privilege Escalation Vulnerability in Operations Agent by Micro Focus
CVE-2026-2123

8.6HIGH

Key Information:

Vendor

Opentext
Status
Operations Agent
Vendor
CVE Published:
31 March 2026

What is CVE-2026-2123?

A security audit has revealed a privilege escalation vulnerability in the Operations Agent product from Micro Focus, specifically affecting versions up to 12.29 on Windows. Under certain conditions, the Operations Agent can execute files from writable directories, which may allow attackers to escalate privileges and perform unauthorized actions. This vulnerability highlights the necessity for users to apply patches and adhere to security best practices to mitigate potential exploitation risks.

Affected Version(s)

Operations Agent Windows OA 12.22

References

https://portal.microfocus.com/s/article/KM000046068
customer-entitlement

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.