Missing Access Control Vulnerability in HCL DFXServer
CVE-2026-35148
6.3MEDIUM
What is CVE-2026-35148?
HCL DFXServer contains a vulnerability that allows certain endpoints to be accessed without authentication in alternative browsers. This flaw exposes significant security risks, as it permits any user on the network to call these APIs and gain unauthorized interaction with the application. Proper authentication mechanisms need to be implemented to ensure that only authorized users can access sensitive functionalities within the HCL DFXServer.
Affected Version(s)
DFXServer version 2.5 and below
