What is CVE-2026-3991?

CVE-2026-3991 is a high-severity vulnerability in Broadcom Data Loss Prevention, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.8/10. Published 2026-03-30.

How severe is CVE-2026-3991?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Broadcom Data Loss Prevention

CVE-2026-3991

Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may…

EPSS: 0.000 (4.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Broadcom Data Loss Prevention — versions 25.1.00100.60229, 16.1.00200.60431, 16.0.20009.60689

Weakness classification (CWE)

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/Se… (vendor-advisory)

Frequently asked questions

What is CVE-2026-3991?: CVE-2026-3991 is a high-severity vulnerability in Broadcom Data Loss Prevention, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 7.8/10. Published 2026-03-30.
How severe is CVE-2026-3991?: High severity. CVSS v3 base score is 7.8 out of 10.