CVE-2026-3991 PUBLISHED

Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint

Assigner: symantec
Reserved: 11.03.2026 Published: 30.03.2026 Updated: 31.03.2026

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Broadcom
Product	Data Loss Prevention
Versions	Default: affected Version 25.1.00100.60229 is unaffected Version 16.1.00200.60431 is unaffected Version 16.0.20009.60689 is unaffected Version 16.0.10112.60928 is unaffected Version 16.0.00215.62094 is unaffected

Credits

Manuel Feifel finder

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306

Problem Types

CWE-829 Inclusion of functionality from untrusted control sphere CWE

Impacts

CAPEC-233 Privilege Escalation