Which versions of Automic Automation Agent are affected by EUVD-2026-30970?

Broadcom Automic Automation Agent contains a local privilege escalation flaw (CVE-2026-8370, CVSS 8.5) affecting versions prior to 24.4.4 HF1 on Unix systems, allowing authenticated low-privilege…. A patch is available.

Automic Automation Agent EUVD-2026-30970

Q: What is the CVSS score of EUVD-2026-30970?

EUVD-2026-30970 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

Q: How to fix or mitigate EUVD-2026-30970?

Within 24 hours: identify all Broadcom Automic Automation Agent deployments on Unix systems (Linux, AIX, Solaris, zLinux) and document current versions in use. Within 7 days: restrict local system access to affected installations, implement privileged account monitoring, and disable non-essential automation agents as interim controls. Within 30 days: upgrade all affected systems to Broadcom Automic Automation Agent version 24.4.4 HF1 or later.

| CVE-2026-8370 HIGH

Execution with Unnecessary Privileges (CWE-250)

2026-05-19 ca

GHSA-vmh5-rqqv-q3v3

Privilege Escalation Broadcom

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 19, 2026 - 20:02 EUVD

Analysis Generated

May 19, 2026 - 19:30 vuln.today

CVSS changed

May 19, 2026 - 19:22 NVD

8.5 (HIGH)

DescriptionNVD

Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Programs with Elevated Privileges.

This issue affects Automic Automation: < 24.4.4 HF1.

AnalysisAI

Local privilege escalation in Broadcom Automic Automation Agent versions prior to 24.4.4 HF1 allows authenticated low-privileged users on Unix-family systems (Linux x64, Linux Power 64 BE/LE, zLinux, AIX, Solaris x64, Solaris Sparc 64) to abuse the agent's elevated privileges and target programs running with higher rights. The CVSS 4.0 score of 8.5 reflects high confidentiality, integrity, and availability impact achievable from a local foothold, with no public exploit identified at time of analysis.

RemediationAI

Within 24 hours: identify all Broadcom Automic Automation Agent deployments on Unix systems (Linux, AIX, Solaris, zLinux) and document current versions in use. Within 7 days: restrict local system access to affected installations, implement privileged account monitoring, and disable non-essential automation agents as interim controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30970 vulnerability details – vuln.today

Back

Automic Automation Agent EUVD-2026-30970

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Automic Automation Agent EUVD-2026-30970

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code