Critical Symantec DLP Agent Vulnerability Enables Privilege Escalation

Critical Symantec DLP Agent Vulnerability Enables Privilege Escalation

First seen 2 Apr 2026, 07:31 UTC GbhackersCybersecuritynews 89% similarity 72.0

Article Content

Browse articles
ThreatCluster

A high-severity vulnerability, tracked as CVE-2026-3991, has been identified in the Symantec Data Loss Prevention (DLP) Agent for Windows. Discovered by security researcher Manuel Feifel, this flaw allows low-privileged local attackers to escalate their privileges to the highest level on affected systems. The vulnerability carries a CVSS score of 7.8, indicating a significant risk of deep system compromise. Broadcom has released patches to address this issue as of March 30, 2026. Organizations using the Symantec DLP Agent should prioritize applying these patches to mitigate potential attacks. The flaw affects Windows systems running the DLP Agent, making it critical for enterprises reliant on this software. Immediate action is recommended to prevent exploitation. The vulnerability was published on March 30, 2026.

Key Points: • CVE-2026-3991 allows low-privileged attackers to escalate privileges on Windows systems. • The vulnerability has a CVSS score of 7.8, indicating a high severity level. • Broadcom has released patches as of March 30, 2026, which should be applied immediately.

ThreatCluster AI

Timeline

2026-03-30
CVE-2026-3991 published
2026-03-30
Patches released by Broadcom to address the vulnerability
2026-04-02
Articles report on the vulnerability and its implications

Community

Browse all →