CVE-2026-3991

HIGH

Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint

Title source: cna

Description

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

References (1)

[Vendor Advisory] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-829

Status published

Products (5)

Broadcom/Data Loss Prevention 16.0.00215.62094

Broadcom/Data Loss Prevention 16.0.10112.60928

Broadcom/Data Loss Prevention 16.0.20009.60689

Broadcom/Data Loss Prevention 16.1.00200.60431

Broadcom/Data Loss Prevention 25.1.00100.60229

Published Mar 30, 2026

Tracked Since Mar 31, 2026