Improper Access Control Vulnerability in Huly Platform by HC Engineering
CVE-2026-12212

5.3MEDIUM

Key Information:

Vendor: Hcengineering
Status: Huly Platform
Vendor: CVE Published:; 15 June 2026

🔔 Create Hcengineering Vulnerability Alert

What is CVE-2026-12212?

A vulnerability in the Huly Platform from HC Engineering affects versions up to 0.7.0, specifically in the function getMailboxSecret within the RPC Interface component. This vulnerability allows for improper access control, which can be exploited remotely. The attack vector exposes users to potential unauthorized access, compromising sensitive information. The vendor was notified about the issue prior to public disclosure but did not respond, increasing concerns over unaddressed security ramifications.