CVE-2026-21760
MEDIUM
4.6
CVSS 3.1
Description
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints.
Metadata
Severity & Metrics
4.6
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| HCLSoftware | DevOps Loop | — | 2.0.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-425 | cna | CWE-425: Direct Request (Forced Browsing) |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.6 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |