Back to overview

CVE-2026-35149

HIGH
8.2
CVSS 3.1
Description
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.

Metadata

CVE ID
CVE-2026-35149
State
PUBLISHED
Assigner
HCL
Reserved
2026-04-01 16:32 UTC
Published
2026-07-16 11:03 UTC
Last updated
2026-07-16 12:06 UTC
Primary CWE
CWE-294
CWE-294: Authentication Bypass by Capture-replay
Vendor / Product
HCL Software / DFXServer
Sources
cve.org  ·  NVD

Severity & Metrics

8.2 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCL Software DFXServer version 2.5 and below
Weakness (CWE)
CWESourceDescription
CWE-294 cna CWE-294: Authentication Bypass by Capture-replay
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.2 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Back to overview