CVE-2026-21765 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 2, 2026
HCL BigFix Platform - Insecure Permissions
Published: April 2, 2026Updated: April 2, 2026
Overview
HCL BigFix Platform contains insecure permissions on private cryptographic keys caused by overly permissive file system permissions on Windows host machines, letting attackers access sensitive cryptographic keys, exploit requires access to the host file system.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can access private cryptographic keys, potentially leading to information disclosure or further system compromise.
Mitigation
Restrict file system permissions on private cryptographic keys to the minimum necessary.
Related Resources
Details
- CVE ID
- CVE-2026-21765
- Severity
- High
- CVSS Score
- 8.8
- Type
- misconfiguration
- Status
- new
CWE
- CWE-276
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H