CVE-2026-2915

5.2

Medium

Published:3 Mar 2026

Last updated:17 Jun 2026

Source:hp-security-alert@hp.com

Analyzed

Weakness (CWE)

CWE-276Incorrect Default Permissions
CWE-732Incorrect Permission Assignment

CVSS Vector

v4.0

Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: Passive
Confidentiality (Vulnerable): None
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): None
Integrity (Subsequent): None
Availability (Subsequent): None

View on MITRE Find PoC on GitHub

Description

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16.

References

hp-security-alert@hp.com

https://support.hp.com/us-en/document/ish_14271963-14271996-16/hpsbgn04097