CVE-2026-21785 MEDIUM

CVE-2026-21785: HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

Vendor Hclsoftware
Product BigFix Remote Control Server
Weakness CWE-1021
Published May 27, 2026
Last update May 28, 2026

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) does not define the directives that have no fallback, allowing attackers to bypass intended security restrictions and load unauthorized resources.

Key dates

02 Disclosure timeline

May 27, 2026 CVE published
May 28, 2026 Record updated