CVE-2026-35148 PUBLISHED

HCL DFXServer is affected by a Missing Access Control vulnerability

Assigner: HCL
Reserved: 01.04.2026 Published: 16.07.2026 Updated: 16.07.2026

HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS Score: 6.3

Product Status

Vendor HCL Software
Product DFXServer
Versions Default: unaffected
  • Version version 2.5 and below is affected

References

Problem Types

  • CWE-284: Improper Access Control CWE