CVE-2026-21785
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
4.0 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Description
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-1021
Source
NVD
Vendor
HCLSoftware
Product
BigFix Remote Control Server
Discussion (0)
Add Comment
No comments yet. Be the first!