PT-2026-29098 · Symantec · Symantec Data Loss Prevention Windows Endpoint
Manuel Feifel
·
Published
2026-03-30
·
Updated
2026-04-02
·
CVE-2026-3991
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symantec Data Loss Prevention Windows Endpoint versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15.
Description
The software may be susceptible to an Elevation of Privilege issue, allowing an attacker to gain elevated access to normally protected resources. The issue involves a hardcoded OpenSSL configuration path, potentially enabling an attacker to obtain a SYSTEM shell directly within the DLP process.
Recommendations
Update to a version prior to 25.1 MP1.
Update to a version prior to 16.1 MP2.
Update to a version prior to 16.0 RU2 HF9.
Update to a version prior to 16.0 RU1 MP1 HF12.
Update to a version prior to 16.0 MP2 HF15.
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Data Loss Prevention Windows Endpoint