CVE-2026-2123

Summary

A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability

Affected Software

VendorProductVersion RangeStatus
OpenTextOperations AgentOA 12.22 <= OA 12.29affected

Weaknesses

  • CWE-280: CWE-280 Improper handling of insufficient permissions or privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References