CVE-2026-8370 (GCVE-0-2026-8370)
Vulnerability from cvelistv5 – Published: 2026-05-19 18:42 – Updated: 2026-05-19 19:30
Title
Automic Automation Agent Unix privilege escalation
Summary
An execution-with-unnecessary-privileges vulnerability (CWE-250) in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, and Solaris Sparc 64 allows privilege escalation (CAPEC-233) and targeting of programs with elevated privileges (CAPEC-69).
This issue affects Automic Automation versions before 24.4.4 HF1.
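Severity
8.5 HIGH (CVSS 4.0, assigned by the CNA): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L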
CWE
- CWE-250 - Execution with unnecessary privileges
Assigner
ca
References
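| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512 | vendor-advisory |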
Impacted products
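| Vendor | Product | Version |
|---|---|---|
| Broadcom | Automic Automation | Affected: < 24.4.4 HF1 (custom). Unaffected: 24.4.4 HF1 or later. Unaffected: 26.0.0 |

Note: the record's cpeApplicability entries carry the version bounds as literal version strings (`_24.4.4_hf1`, `24.4.4_hf1_or_later`) rather than as a range, so CPE-based matching may not flag installed releases older than 24.4.4 HF1. Compare the installed Agent Unix version against the range above instead.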
Credits
David Suchy, Citadelo (citadelo.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T19:30:47.783803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T19:30:57.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Agent Unix",
"platforms": [
"Linux x64",
"Linux Power 64 BE",
"Linux Power 64 LE",
"zLinux (zSeries)",
"AIX",
"Solaris x64",
"Solaris Sparc 64"
],
"product": "Automic Automation",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "\u003c 24.4.4 HF1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.4.4 HF1 or later"
},
{
"status": "unaffected",
"version": "26.0.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Suchy, Citadelo (citadelo.com)"
}
],
"datePublic": "2026-05-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automic Automation: \u0026lt; 24.4.4 HF1.\u003c/p\u003e"
}
],
"value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: \u003c 24.4.4 HF1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with unnecessary privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T18:42:00.155Z",
"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"shortName": "ca"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Automic Automation Agent Unix privilege escalation",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f",
"assignerShortName": "ca",
"cveId": "CVE-2026-8370",
"datePublished": "2026-05-19T18:42:00.155Z",
"dateReserved": "2026-05-11T23:42:14.037Z",
"dateUpdated": "2026-05-19T19:30:57.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.