Description
Potential security vulnerabilities have been identified in the HP One
Agent for certain HP PC products, which might allow
for escalation of privilege and/or denial of service. HP
is releasing software updates to mitigate these potential
vulnerabilities.
Published: 2026-06-15
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in HP One Agent, a management agent that runs on certain HP PC products, that could allow an attacker to gain higher privileges or cause a denial of service. The weakness is identified as CWE‑427, indicating improper handling of privileged paths or other privilege‑related misconfigurations. If exploited, the attacker could execute commands or crash the agent, potentially leading to broader system compromise or unavailability. Both confidentiality and integrity risks arise from the privilege escalation, while availability is threatened by the denial of service aspect.

Affected Systems

The vulnerability affects HP Inc. HP One Agent Software on Windows platforms. Specific affected versions are not listed in the advisory, so all installations of the HP One Agent that are running the identified code paths are potentially vulnerable until an update is applied. No further version details or product sub‑variants were disclosed.

Risk and Exploitability

The CVSS score of 8.5 signals a high severity. The EPSS score indicates a very low yet non‑zero probability of exploitation; the vulnerability is currently not in the CISA KEV catalog. Based on the description, the likely attack vector involves an actor already with local access to the device or one who can remotely interact with the Agent service. The exploitation would require the attacker to trigger the privileged path handling flaw, which could be achieved via crafted input or configuration changes. Because the exploit relies on privileged path usage, it is expected that the attacker would need at least user‑level access or the ability to run code within the HP One Agent context.

Generated by OpenCVE AI on June 17, 2026 at 22:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the HP published patch or update to the latest HP One Agent software
  • If immediate update is not possible, disable the HP One Agent service to remove the attack surface
  • Ensure the Agent runs with the least privileges needed and that system path variables are validated against the known vulnerability

Generated by OpenCVE AI on June 17, 2026 at 22:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp one Agent Software
Vendors & Products Hp
Hp one Agent Software

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities.
Title HP One Agent Software – Security Update
First Time appeared Hp Inc.
Hp Inc. hp One Agent Software
Weaknesses CWE-427
CPEs cpe:2.3:a:hp_inc.:hp_one_agent_software:*:*:windows:*:*:*:*:*
Vendors & Products Hp Inc.
Hp Inc. hp One Agent Software
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Hp One Agent Software
Hp Inc. Hp One Agent Software
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-06-18T03:55:43.182Z

Reserved: 2026-03-27T20:50:13.974Z

Link: CVE-2026-5064

cve-icon Vulnrichment

Updated: 2026-06-16T14:48:11.106Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T22:16:18.553

Modified: 2026-06-16T15:42:57.150

Link: CVE-2026-5064

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:24Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element