CVE-2026-2123 - Vulnerability Details

Description

A security audit identified a privilege escalation
vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions
Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of
Oneconsult AG for reporting this vulnerability

Published: 2026-03-31

Score: 8.6 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in OpenText Operations Agent allows an attacker to execute arbitrary programs from writable locations on a Windows system. By doing so, the attacker can gain elevated privileges, effectively bypassing security controls and accessing system resources that should be protected. This flaw is classified as a user-controlled write weakness (CWE‑280) and can result in arbitrary code execution with higher privileges.

Affected Systems

OpenText Operations Agent versions 12.24 through 12.29 running on Windows are affected. Impacted binaries include HFWIN_1224028.tar through HFWIN_1229007.tar, each corresponding to a specific OA release within the 12.24 to 12.29 range.

Risk and Exploitability

With a CVSS score of 8.6, this issue is considered high risk. Exploitation requires the attacker to write files to specific directories that the agent processes, which may be achievable through local, compromised, or shared user accounts. The vulnerability is not yet listed in the CISA KEV catalog, and EPSS data is not available, but the high severity indicates a significant risk if the conditions are met.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OpenText

Operations Agent

unaffected

Version	Status	Constraints
`OA 12.22`	affected	≤ OA 12.29

No data.

Vendor Product Confidence Versions

Opentext

Operations Agent

100%

Version	Status	Scheme	Platform
`[OA 12.22,OA 12.29]`	affected	generic	['Windows']
`OA 12.30`	unaffected	generic	['Windows']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

The hotfix can be downloaded from the Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ for the OA versions mentioned below. Please follow the readme.txt included in the hotfix zip file for install instructions. OA 12.24 - HFWIN_1224028.tar, HFWIN_1224029.tar OA 12.25 - HFWIN_1225045.tar,HFWIN_1225046.tar OA 12.26 - HFWIN_1226039.tar, HFWIN_1226040.tar OA 12.27 - HFWIN_1227023.tar, HFWIN_1227024.tar OA 12.28 - HFWIN_1228020.tar, HFWIN_1228021.tar OA 12.29 - HFWIN_1229006.tar, HFWIN_1229007.tar

OpenCVE Recommended Actions

Verify the Operations Agent version on your Windows servers. If the version is 12.29 or earlier, consider it vulnerable until patched. Download the appropriate hotfix from the OpenText Marketplace for your version. Apply the hotfix following the instructions in the readme.txt bundled with the .tar file. After installation, confirm that executables cannot be launched from the previously writable locations. If immediate patching is not possible, restrict write access to those directories to prevent an attacker from dropping malicious files.

Generated by OpenCVE AI on March 31, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://portal.microfocus.com/s/article/KM000046068

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opentext Opentext operations Agent
Vendors & Products		Opentext Opentext operations Agent

Tue, 31 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
Title		Privilege escalation vulnerability in Operations Agent
Weaknesses		CWE-280
References		https://portal.microfocus.com/s/article/KM000046068
Metrics		cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

Subscriptions

Opentext Operations Agent

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2026-03-31T17:18:43.202Z

Updated: 2026-03-31T18:00:56.901Z

Reserved: 2026-02-06T14:55:51.920Z

Link: CVE-2026-2123

Vulnrichment

Updated: 2026-03-31T18:00:14.961Z

NVD

Status : Received

Published: 2026-03-31T18:16:46.293

Modified: 2026-03-31T18:16:46.293

Link: CVE-2026-2123

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:45Z

Weaknesses

CWE-280

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object