Insufficient Authentication in HCL BigFix Platform
CVE-2026-21767

4MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Bigfix Platform
Vendor: CVE Published:; 1 April 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2026-21767?

The HCL BigFix Platform is prone to an insufficient authentication flaw, allowing potential unauthorized users to gain access to sensitive areas of the application. This vulnerability may expose critical data and functions, undermining the platform's integrity and security. Users are urged to apply the necessary updates and follow recommended security practices to mitigate risks associated with this vulnerability.

Affected Version(s)

BigFix Platform 11.0.0 - 11.0.5

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21767 Data

JSON