CVE-2026-3991 HIGH

CVE-2026-3991: Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint

Weakness CWE-829 · Inclusion from untrusted sphere
Published March 30, 2026
Last update March 31, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Key dates

02Disclosure timeline

March 30, 2026 CVE published
March 31, 2026 Record updated