CVE-2026-21785

MEDIUM

HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

Title source: cna

Description

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130581

Scores

CVSS v3 4.0

EPSS 0.0015

EPSS Percentile 4.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (1)

HCLSoftware/BigFix Remote Control Server <= versions 10.1.0.0442

Published May 27, 2026

Tracked Since May 28, 2026