CVE-2026-56457 | HCL DevOps Deploy / HCL Launch is susceptible to an exposure… | CVSS 4.3 MEDIUM

Description

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step.

Metadata

CVE ID: CVE-2026-56457
State: PUBLISHED
Assigner: HCL
Reserved: 2026-06-22 13:38 UTC
Published: 2026-06-29 13:18 UTC
Last updated: 2026-06-29 13:58 UTC
Primary CWE: CWE-532
CWE-532 Insertion of sensitive information into log file
Vendor / Product: HCLSoftware / HCL DevOps Deploy / HCL Launch
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
HCLSoftware	HCL DevOps Deploy / HCL Launch	—	7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0

Weakness (CWE)

CWE	Source	Description
CWE-532	cna	CWE-532 Insertion of sensitive information into log file

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131694