Cyber Resilience

CVE-2026-2915

MediumLPE

Published: 03 March 2026

Published
03 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v4 5.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 8.5th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2915 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Hp System Event Utility. Its CVSS base score is 5.2 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-2915 is a vulnerability in the HP System Event Utility that might allow denial of service through elevated arbitrary file writes. It affects versions of the HP System Event Utility prior to 3.2.16 and is linked to CWE-276 (Incorrect Default Permissions) and CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high impacts on integrity and availability with no confidentiality impact.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Exploitation enables elevated arbitrary file writes, potentially leading to denial of service and disruption of system integrity by overwriting critical files.

The HP security bulletin at https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097 addresses this issue, stating that it was remediated in HP System Event Utility version 3.2.16. Security practitioners should update to this version or later to mitigate the risk.

EU & UK References

Vulnerability details

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Local arbitrary file write with elevation directly enables T1068 (Exploitation for Privilege Escalation) and facilitates T1485 (Data Destruction) via overwriting critical files to achieve DoS/integrity impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11531Same product: Hp System Event Utility
CVE-2026-8631Same vendor: Hp
CVE-2025-26506Same vendor: Hp
CVE-2026-8632Same vendor: Hp
CVE-2025-26507Same vendor: Hp
CVE-2025-2268Same vendor: Hp
CVE-2025-26508Same vendor: Hp
CVE-2025-27688Shared CWE-732
CVE-2025-21532Shared CWE-276
CVE-2025-24176Shared CWE-276

Affected Assets

hp
system event utility
≤ 3.2.16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces correct file and resource permissions to block the unauthorized elevated writes that enable the DoS in HP System Event Utility.

prevent

Limits privileges so a low-privileged local user cannot obtain the elevated file-write rights exploited by CVE-2026-2915.

prevent

Restricts which accounts or processes may modify critical files or configurations, directly mitigating the incorrect permission assignments (CWE-276/732).

References