{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-8370", "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "state": "PUBLISHED", "assignerShortName": "ca", "dateReserved": "2026-05-11T23:42:14.037Z", "datePublished": "2026-05-19T18:42:00.155Z", "dateUpdated": "2026-05-19T19:30:57.145Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "shortName": "ca", "dateUpdated": "2026-05-19T18:42:00.155Z"}, "title": "Automic Automation Agent Unix privilege escalation", "datePublic": "2026-05-19T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-250", "description": "CWE-250 Execution with unnecessary privileges", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}, {"capecId": "CAPEC-69", "descriptions": [{"lang": "en", "value": "CAPEC-69 Target Programs with Elevated Privileges"}]}], "affected": [{"vendor": "Broadcom", "product": "Automic Automation", "platforms": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "packageName": "Agent Unix", "versions": [{"status": "affected", "version": "< 24.4.4 HF1", "versionType": "custom"}, {"status": "unaffected", "version": "24.4.4 HF1 or later"}, {"status": "unaffected", "version": "26.0.0"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: < 24.4.4 HF1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.<p>This issue affects Automic Automation: &lt; 24.4.4 HF1.</p>"}]}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"}}], "credits": [{"lang": "en", "value": "David Suchy, Citadelo (citadelo.com)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-19T19:30:47.783803Z", "id": "CVE-2026-8370", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-19T19:30:57.145Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-8370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-19T19:30:47.783803Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-19T19:30:53.482Z"}}], "cna": {"title": "Automic Automation Agent Unix privilege escalation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "David Suchy, Citadelo (citadelo.com)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}, {"capecId": "CAPEC-69", "descriptions": [{"lang": "en", "value": "CAPEC-69 Target Programs with Elevated Privileges"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Broadcom", "product": "Automic Automation", "versions": [{"status": "affected", "version": "< 24.4.4 HF1", "versionType": "custom"}, {"status": "unaffected", "version": "24.4.4 HF1 or later"}, {"status": "unaffected", "version": "26.0.0"}], "platforms": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "packageName": "Agent Unix", "defaultStatus": "unaffected"}], "datePublic": "2026-05-19T17:00:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: < 24.4.4 HF1.", "supportingMedia": [{"type": "text/html", "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.<p>This issue affects Automic Automation: &lt; 24.4.4 HF1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with unnecessary privileges"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_x64:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_be:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:linux_power_64_le:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:zlinux_zseries_:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:aix:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_x64:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:_24.4.4_hf1:*:solaris_sparc_64:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_x64:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_be:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:linux_power_64_le:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:zlinux_zseries_:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:aix:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_x64:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:24.4.4_hf1_or_later:*:solaris_sparc_64:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_x64:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_be:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:linux_power_64_le:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:zlinux_zseries_:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:aix:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_x64:*:*:*:*:*", "vulnerable": false}, {"criteria": "cpe:2.3:a:broadcom:automic_automation:26.0.0:*:solaris_sparc_64:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "shortName": "ca", "dateUpdated": "2026-05-19T18:42:00.155Z"}}}, "cveMetadata": {"cveId": "CVE-2026-8370", "state": "PUBLISHED", "dateUpdated": "2026-05-19T19:30:57.145Z", "dateReserved": "2026-05-11T23:42:14.037Z", "assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "datePublished": "2026-05-19T18:42:00.155Z", "assignerShortName": "ca"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "packageName": "Agent Unix", "platforms": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "product": "Automic Automation", "vendor": "Broadcom", "versions": [{"status": "affected", "version": "< 24.4.4 HF1", "versionType": "custom"}, {"status": "unaffected", "version": "24.4.4 HF1 or later"}, {"status": "unaffected", "version": "26.0.0"}]}], "source": "vuln@ca.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.\n\nThis issue affects Automic Automation: < 24.4.4 HF1."}], "id": "CVE-2026-8370", "lastModified": "2026-06-17T11:03:51.720", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vuln@ca.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-8370", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "role": "CISA Coordinator", "timestamp": "2026-05-19T19:30:47.783803Z", "version": "2.0.3"}}]}, "published": "2026-05-19T19:16:51.903", "references": [{"source": "vuln@ca.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37512"}], "sourceIdentifier": "vuln@ca.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "vuln@ca.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.4.4 HF1)"}}, {"platform": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[24.4.4 HF1,*]"}}, {"platform": ["Linux x64", "Linux Power 64 BE", "Linux Power 64 LE", "zLinux (zSeries)", "AIX", "Solaris x64", "Solaris Sparc 64"], "status": "unaffected", "versions": {"scheme": "semver", "value": "26.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}]}, "product": "automic_automation", "vendor": "broadcom"}], "created": "2026-05-19T20:30:13.401288+00:00", "updated": "2026-05-20T10:39:05.847904+00:00", "vendors": ["broadcom", "broadcom$PRODUCT$automic_automation"]}