Security Misconfiguration in HCL BigFix Remote Control Server WebUI
CVE-2026-21785

4 MEDIUM

Key Information:

Vendor
CVE Published: 27 May 2026

What is CVE-2026-21785?

The Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI is misconfigured: it does not define directives that have no fallback. Because nothing restricts those directives when they are absent, an attacker can load resources the policy was meant to block, undermining the web application's intended security mechanisms. HCL BigFix versions 10.1.0.0442 and earlier are affected, and this configuration oversight exposes their users to potential security breaches.
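
The check below is an added example, not code from the advisory or from HCL: it audits a Content-Security-Policy header value for directives that never inherit from default-src. The advisory does not publish the affected policy, so both sample policies are constructed; the directive list is taken from the CSP Level 3 specification.

```python
# Added example: flag CSP directives that never inherit from default-src.
# Directive list per CSP Level 3; the sample policies below are constructed.

# Directives for which default-src is NOT consulted when they are absent.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")

# Source expressions that leave a directive effectively unrestricted.
BROAD_SOURCES = ("*", "http:", "https:")


def parse_csp(header_value):
    """Parse a serialized policy into {directive: [source expressions]}."""
    policy = {}
    for token in header_value.split(";"):
        parts = token.strip().split()
        if not parts:
            continue
        # Directive names are case-insensitive; the first occurrence wins.
        policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def audit_no_fallback(header_value):
    """Return (directive, reason) findings for the non-fallback directives."""
    policy = parse_csp(header_value)
    findings = []
    for name in NO_FALLBACK:
        if name not in policy:
            findings.append((name, "missing: default-src does not apply"))
        elif any(src.lower() in BROAD_SOURCES for src in policy[name]):
            findings.append((name, "overly broad source: " + " ".join(policy[name])))
    return findings


# Constructed policies for illustration only.
WEAK = "default-src 'self'; script-src 'self'"
HARDENED = ("default-src 'self'; script-src 'self'; base-uri 'self'; "
            "form-action 'self'; frame-ancestors 'none'")

if __name__ == "__main__":
    for label, value in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_no_fallback(value) or "no findings")
```

Run it against the header value your own deployment returns; an empty result means each of the three directives is defined and not wildcarded.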

Affected Version(s)

BigFix Remote Control Server versions <= 10.1.0.0442

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
