Description
A security audit identified a privilege escalation
vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions
Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of
Oneconsult AG for reporting this vulnerability
Published: 2026-03-31
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation leading to execution of arbitrary code with elevated privileges.
Action: Immediate Patch
AI Analysis

Impact

A privilege escalation flaw allows the Operations Agent to run executables from writable locations. If an attacker can place a malicious file in such a location, the agent will execute it with the permissions of the agent process, potentially allowing full system compromise on Windows and affecting confidentiality, integrity and availability.

Affected Systems

Affected are OpenText Operations Agent installations on Windows, versions 12.24 through 12.29. The flaw exists in all releases up to and including 12.29.

Risk and Exploitability

The CVSS score of 8.6 classifies the flaw as high severity. The EPSS score of less than 1 percent indicates that active exploitation is expected to be rare, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path is local: an attacker with write access to a directory that Operations Agent scans for executables. If such access can be obtained, the flaw can be leveraged to gain the agent’s privileges, which may be elevated on the system. Because the attack requires the agent to be running and a writable location, the risk is significant in environments where the agent runs under high‑privilege accounts or where directory permissions are lax.

Generated by OpenCVE AI on April 3, 2026 at 21:26 UTC.

Remediation

Vendor Solution

The hotfix can be downloaded from the  Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/  for the OA versions mentioned below.  Please follow the readme.txt included in the hotfix zip file for install instructions.  OA 12.24 - HFWIN_1224028.tar, HFWIN_1224029.tar OA 12.25 - HFWIN_1225045.tar,HFWIN_1225046.tar  OA 12.26 - HFWIN_1226039.tar, HFWIN_1226040.tar OA 12.27 - HFWIN_1227023.tar, HFWIN_1227024.tar OA 12.28 - HFWIN_1228020.tar, HFWIN_1228021.tar OA 12.29 - HFWIN_1229006.tar, HFWIN_1229007.tar

OpenCVE Recommended Actions

  • Download and install the hotfix package corresponding to your Operations Agent version from the OpenText Marketplace.
  • Follow the readme.txt instructions in the zip file to apply the hotfix and restart the Operations Agent service.
  • After applying the fix, verify that the agent no longer runs executables from writable directories by testing file execution permissions.
  • As a temporary mitigation, restrict write permissions on the directories from which Operations Agent can execute files, or disable that execution feature if supported.
  • Enable logging and monitor for anomalous execution events to detect potential exploitation attempts.

Generated by OpenCVE AI on April 3, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Microfocus
Microfocus operations Agent
Microsoft
Microsoft windows
CPEs cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microfocus
Microfocus operations Agent
Microsoft
Microsoft windows
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Opentext
Opentext operations Agent
Vendors & Products Opentext
Opentext operations Agent

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
Title Privilege escalation vulnerability in Operations Agent
Weaknesses CWE-280
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Microfocus Operations Agent
Microsoft Windows
Opentext Operations Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-31T18:00:56.901Z

Reserved: 2026-02-06T14:55:51.920Z

Link: CVE-2026-2123

cve-icon Vulnrichment

Updated: 2026-03-31T18:00:14.961Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T18:16:46.293

Modified: 2026-04-03T18:46:01.670

Link: CVE-2026-2123

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:52Z

Weaknesses