CVE-2026-21789

Published: May 18, 2026Modified: May 18, 2026Deferred

4.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.1 / Impact: 2.5

Source: psirt@hcl.com (Secondary)

Description

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129719

Source: psirt@hcl.com

Timeline

No history available yet.