CVE-2026-8370 Broadcom CVE debrief

Who should care

Administrators and operators running Automic Automation Agent Unix on Linux x64, Linux Power 64 BE/LE, zLinux (zSeries), AIX, Solaris x64, or Solaris Sparc 64; security teams responsible for patching and privilege-hardening on those hosts.

Technical summary

The CVE description indicates an execution-with-unnecessary-privileges flaw in the Automic Automation Agent Unix component. NVD assigns CVSS 4.0 AV:L/AC:L/AT:N/PR:L/UI:N with high impact to confidentiality, integrity, and availability, which is consistent with a local privilege-escalation path. The issue affects Automic Automation versions prior to 24.4.4 HF1.

Defensive priority

High — prioritize remediation on any affected host, especially where the agent runs with elevated privileges.

Recommended defensive actions

• Inventory Automic Automation Agent Unix deployments and identify versions earlier than 24.4.4 HF1.
• Upgrade to 24.4.4 HF1 or a later vendor-fixed release as soon as possible.
• Review agent service accounts and remove unnecessary elevated privileges where operationally feasible.
• Monitor affected hosts for unexpected child processes, command execution, or privilege changes associated with the agent.
• Follow the Broadcom advisory and validate any compensating controls against your deployment model.

Evidence notes

This debrief is based on the supplied CVE description, the NVD record, and the linked Broadcom advisory reference. The NVD entry shows vulnStatus 'Awaiting Analysis' and includes CWE-250 as a secondary weakness. The Broadcom advisory content was not provided in the source corpus, so no additional vendor-specific details are claimed here.

Official resources