Sensitive Configuration Disclosure in HCL DevOps Deploy & Launch
CVE-2026-56460

6.5MEDIUM

What is CVE-2026-56460?

HCL DevOps Deploy and HCL Launch are affected by a vulnerability that could allow authenticated users to access sensitive configurations and secrets through API responses. This exposure may lead attackers to exploit the disclosed information for unauthorized actions, posing a significant risk to the integrity and security of the system.

Affected Version(s)

HCL DevOps Deploy / HCL Launch 7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.