Weak Default HTTP Header Validation in HCL Traveler Software
CVE-2026-21790

6.3MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Traveler
Vendor: CVE Published:; 24 March 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2026-21790?

HCL Traveler software is vulnerable to a weak default HTTP header validation issue, which potentially allows unauthorized users to circumvent additional authentication measures. This vulnerability could be exploited by malicious actors to gain unauthorized access to sensitive data or system functionalities.

Affected Version(s)

Traveler < 14.5.1.0

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21790 Data

JSON