CVE-2026-21785

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: high

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.

1021

Improper Restriction of Rendered UI Layers or Frames

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data

Applicable Platforms

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://support.hcl-software.com/csm?id=kb_article&sysparm_…

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130581

CVE-2026-21785

Description

Improper Restriction of Rendered UI Layers or Frames

Common Consequences

Applicable Platforms

Iscriviti alla newsletter