Insecure Permissions Vulnerability in HCL BigFix Platform
CVE-2026-21765

8.8 HIGH

Key Information:

Vendor
CVE Published: 1 April 2026

What is CVE-2026-21765?

The HCL BigFix Platform is affected by a vulnerability arising from insecure permissions assigned to private cryptographic keys. These keys, stored on Windows host machines, may be exposed because of overly permissive file system permissions. This can potentially allow unauthorized users to access sensitive cryptographic material, jeopardizing the security of the platform and its associated data.

Affected Version(s)

BigFix Platform 11.0.0 - 11.0.5

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
