{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3991", "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "state": "PUBLISHED", "assignerShortName": "symantec", "dateReserved": "2026-03-11T16:47:38.735Z", "datePublished": "2026-03-30T18:27:31.430Z", "dateUpdated": "2026-03-31T03:55:42.659Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec", "dateUpdated": "2026-03-30T18:27:31.430Z"}, "title": "Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint", "datePublic": "2026-03-30T19:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-829", "description": "CWE-829 Inclusion of functionality from untrusted control sphere", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "Broadcom", "product": "Data Loss Prevention", "platforms": ["Windows"], "versions": [{"status": "unaffected", "version": "25.1.00100.60229"}, {"status": "unaffected", "version": "16.1.00200.60431"}, {"status": "unaffected", "version": "16.0.20009.60689"}, {"status": "unaffected", "version": "16.0.10112.60928"}, {"status": "unaffected", "version": "16.0.00215.62094"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."}]}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Manuel Feifel", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3991"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T03:55:42.659Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user."}], "id": "CVE-2026-3991", "lastModified": "2026-03-30T19:16:27.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@symantec.com", "type": "Secondary"}]}, "published": "2026-03-30T19:16:27.207", "references": [{"source": "secure@symantec.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "secure@symantec.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-30T20:51:51.775882+00:00", "value": {"mitigation_remediation": ["Apply the latest version that includes the fix, at least 25.1 MP1 for the 25.x branch or the latest update for the 16.x branch.", "Verify the patch by checking the installed product version and re\u2011scanning for vulnerabilities to confirm resolution.", "If immediate patching is not possible, monitor for updates and schedule the upgrade as soon as feasible."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Broadcom Data Loss Prevention for Windows is affected. Versions released prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15 are vulnerable. Users should verify their installed version against this list and plan for an upgrade to a fixed release.", "description_and_impact": "Symantec Data Loss Prevention for Windows endpoints contains an elevation of privilege flaw that allows an attacker to gain higher levels of access than intended. The weakness, identified as CWE-829, can enable a user to perform administrative actions such as modifying protected files, changing system settings, or executing commands that normally require elevated privileges, potentially compromising confidentiality and integrity of protected data.", "risk_and_exploitability": "The vulnerability carries a high severity CVSS score of 7.8. No EPSS score is reported and the CVE is not listed in CISA\u2019s KEV catalog, indicating limited known exploitation activity. Based on the description, it is inferred that the attack likely requires local execution or compromise of a trusted component, after which an attacker could gain system-wide control. The impact remains significant for organizations relying on this product to protect sensitive data."}}}}, "created": "2026-03-30T20:55:15.888441+00:00", "updated": "2026-03-30T20:55:15.888467+00:00", "vendors": []}