CORS Misconfiguration in HCL DevOps Deploy Affects Data Security
CVE-2026-56458
5.4MEDIUM
What is CVE-2026-56458?
The HCL DevOps Deploy product is exposed to a vulnerability stemming from improper Cross-Origin Resource Sharing (CORS) configurations. This misconfiguration permits attackers to execute privileged actions and gain access to sensitive information. The vulnerability arises from a lack of restriction on domain names, failing to limit access to only trusted domains, which could lead to unauthorized data manipulation or retrieval. Users are advised to apply the latest security patches and review their CORS policies to mitigate potential risks.
Affected Version(s)
HCL DevOps Deploy 8.1-8.1.2.6, 8.2-8.2.1.0
