CVE-2026-35147 PUBLISHED

HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access.

Assigner: HCL
Reserved: 01.04.2026 Published: 16.07.2026 Updated: 16.07.2026

HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowing an unauthenticated attacker to interact with the APIs and perform unauthorized actions without valid credentials.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS Score: 8.2

Product Status

Vendor HCL Software
Product DFXServer
Versions Default: unaffected
  • Version version 2.5 and below is affected

References

Problem Types

  • CWE-639: Authorization Bypass Through User-Controlled Key CWE