🔐 CVE Alert

CVE-2026-21836

MEDIUM 6.5

HCL DominoIQ is affected by broken access control

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 0th

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document-level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data.

CWE: CWE-862
Vendor: hclsoftware
Product: dominoiq
Published: May 20, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Affected Versions

HCLSoftware / DominoIQ: 14.5.1

References

support.hcl-software.com: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130932