๐Ÿ” CVE Alert

CVE-2026-56458

MEDIUM 5.4

HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.

CWE CWE-942
Vendor hclsoftware
Product hcl devops deploy
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for hclsoftware hcl devops deploy

Be the first to know when new medium vulnerabilities affecting hclsoftware hcl devops deploy are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

HCLSoftware / HCL DevOps Deploy
8.1-8.1.2.6, 8.2-8.2.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
support.hcl-software.com: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131695