CVE-2026-3991

High

Published: 30 March 2026

Published

30 March 2026

Modified

01 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 4.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3991 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Broadcom (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the Elevation of Privilege vulnerability by requiring timely flaw remediation through application of vendor-recommended patches to affected Symantec Data Loss Prevention Windows Endpoint versions.

AC-6 Least Privilege good match

prevent

Enforces least privilege to limit the initial attacker's capabilities and the impact of successful privilege escalation on protected resources.

AC-3 Access Enforcement good match

prevent

Requires enforcement of approved access authorizations, countering the vulnerability's ability to bypass normal protections and gain elevated access to resources.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The CVE describes a local Elevation of Privilege vulnerability allowing a low-privileged attacker to gain elevated access without user interaction, directly enabling T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an…

attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Deeper analysisAI

Symantec Data Loss Prevention Windows Endpoint versions prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15 are affected by CVE-2026-3991, an Elevation of Privilege vulnerability (CWE-829). This flaw allows an attacker to compromise the software application and gain elevated access to resources that are normally protected from an application or user. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability with low attack complexity and prerequisites.

A local attacker with low privileges can exploit this vulnerability without user interaction. Successful exploitation enables the attacker to elevate their privileges, potentially compromising sensitive resources protected by the endpoint software and achieving high-impact effects across confidentiality, integrity, and availability.

The Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37306 details mitigation, recommending updates to Symantec Data Loss Prevention Windows Endpoint versions 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, 16.0 MP2 HF15, or later to address the vulnerability.