CVE-2023-0400

MEDIUM

DLP for Windows <11.10.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0400. PoCs published by pinpinsec.

AI-analyzed exploit summary This repository contains a README referencing a Trellix Data Loss Prevention (DLP) bypass vulnerability (CVE-2023-0400) with a link to the vendor's security bulletin. No exploit code or technical details are provided.

Description

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.

Exploits (1)

nomisec WRITEUP

by pinpinsec · poc

https://github.com/pinpinsec/CVE-2023-0400

View Code ZIP pw:eip

This repository contains a README referencing a Trellix Data Loss Prevention (DLP) bypass vulnerability (CVE-2023-0400) with a link to the vendor's security bulletin. No exploit code or technical details are provided.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Trellix Data Loss Prevention (DLP)

No auth needed

Prerequisites: Access to Trellix DLP system

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mitigation, Vendor Advisory

https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US

Scores

CVSS v3 5.9

EPSS 0.0042

EPSS Percentile 33.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-427 CWE-670

Status published

Products (1)

trellix/data_loss_prevention 11.9.0 - 11.10.0

Published Feb 02, 2023

Tracked Since Feb 18, 2026