CVE-2026-35149 PUBLISHED

HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation.

Assigner: HCL
Reserved: 01.04.2026 Published: 16.07.2026 Updated: 16.07.2026

HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS Score: 8.2

Product Status

Vendor HCL Software
Product DFXServer
Versions Default: unaffected
  • Version version 2.5 and below is affected

References

Problem Types

  • CWE-294: Authentication Bypass by Capture-replay CWE