CVE-2026-21783

MEDIUM

HCL Traveler is affected by sensitive information disclosure

Title source: cna

Description

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129139

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (2)

HCLSoftware/Traveler < 14.5.1.0

hcltech/traveler < 14.5.1.0

Published Mar 24, 2026

Tracked Since Mar 25, 2026