Home

Description

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

PUBLISHED Reserved 2026-06-22 | Published 2026-07-09 | Updated 2026-07-09 | Assigner HCL




MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Problem types

CWE-942 Permissive cross-domain security policy with untrusted domains

Product status

Default status
unaffected

8.1-8.1.2.6, 8.2-8.2.1.0
affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0131695

cve.org (CVE-2026-56458)

nvd.nist.gov (CVE-2026-56458)

Download JSON