Description
CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.
Published: 2026-06-10
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Symantec Endpoint Protection CleanWipe Removal Tool for macOS, before version 16.0.0.65, contains a Local Privilege Escalation flaw classified as CWE‑250. An attacker who already has limited local privileges can exploit the tool to gain administrative rights on the affected system, allowing full control over the machine.

Affected Systems

Broadcom’s Symantec Endpoint Protection CleanWipe Removal Tool, macOS platform, impacted versions are all releases preceding 16.0.0.65.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. EPSS data are not available, and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of exploitation is uncertain but could be achieved by a local user with access to the removal tool. Since the flaw is a privilege escalation, once the attacker succeeds they can compromise the entire system.

Generated by OpenCVE AI on June 10, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the CleanWipe Removal Tool to version 16.0.0.65 or later to disable the vulnerability.
  • If an upgrade cannot be performed immediately, uninstall or delete the removal tool from the system to eliminate the attack vector.
  • Apply file‑system permissions to restrict the tool’s execution rights to authorized administrators only, preventing unauthorized local users from invoking it.

Generated by OpenCVE AI on June 10, 2026 at 20:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Broadcom
Broadcom symantec Endpoint Protection
Vendors & Products Broadcom
Broadcom symantec Endpoint Protection

Wed, 10 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Description CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.
Title Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool
Weaknesses CWE-250
References
Metrics cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Broadcom Symantec Endpoint Protection
cve-icon MITRE

Status: PUBLISHED

Assigner: symantec

Published:

Updated: 2026-06-10T19:17:45.257Z

Reserved: 2026-06-08T21:23:16.962Z

Link: CVE-2026-11626

cve-icon Vulnrichment

Updated: 2026-06-10T19:17:21.332Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-10T19:16:33.417

Modified: 2026-06-10T20:13:47.847

Link: CVE-2026-11626

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T10:41:00Z

Weaknesses
  • CWE-250

    Execution with Unnecessary Privileges