Critical Symantec DLP Agent Vulnerability Enables Privilege Escalation

Severity: High (Score: 72.0)

Sources: Gbhackers, Cybersecuritynews

Summary

A high-severity vulnerability, tracked as CVE-2026-3991, has been identified in the Symantec Data Loss Prevention (DLP) Agent for Windows. Discovered by security researcher Manuel Feifel, this flaw allows low-privileged local attackers to escalate their privileges to the highest level on affected systems. The vulnerability carries a CVSS score of 7.8, indicating a significant risk of deep system compromise. Broadcom has released patches to address this issue as of March 30, 2026. Organizations using the Symantec DLP Agent should prioritize applying these patches to mitigate potential attacks. The flaw affects Windows systems running the DLP Agent, making it critical for enterprises reliant on this software. Immediate action is recommended to prevent exploitation. The vulnerability was published on March 30, 2026. Key Points: • CVE-2026-3991 allows low-privileged attackers to escalate privileges on Windows systems. • The vulnerability has a CVSS score of 7.8, indicating a high severity level. • Broadcom has released patches as of March 30, 2026, which should be applied immediately.

Key Entities

• Ta416 (apt_group)
• Malware (attack_type)
• Broadcom (company)
• Symantec (company)
• CVE-2026-3991 (cve)
• T1055 - Process Injection (mitre_attack)
• T1068 - Exploitation for Privilege Escalation (mitre_attack)
• Windows (platform)