Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-35148— HCL DFXServer is affected by a Missing Access Control vulnerability

CVSS 6.3 · Medium

Affected Version Matrix 1

VendorProductVersion RangeStatus
HCL SoftwareDFXServerversion 2.5 and belowaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-35148

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
HCL DFXServer is affected by a Missing Access Control vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
HCL SoftwareDFXServer version 2.5 and below -

II. Public POCs for CVE-2026-35148

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-35148

登录查看更多情报信息。

Vendor Advisories for CVE-2026-35148 (1)

Same Patch Batch · HCL Software · 2026-07-16 · 12 CVEs total

CVE-2026-351478.2 HIGHHCL DFXServer is affected by a Broken Authentication vulnerability via direct API access.
CVE-2026-351498.2 HIGHHCL DFXServer is affected by an Authentication Bypass vulnerability via server response ma
CVE-2026-564545.9 MEDIUMHCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS
CVE-2026-564535.5 MEDIUMHCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerabilit
CVE-2026-564565.3 MEDIUMHCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability.
CVE-2026-564555.3 MEDIUMHCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial
CVE-2026-351453.1 LOWHCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerabil
CVE-2026-351433.0 LOWHCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability.
CVE-2026-351403.0 LOWHCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cook
CVE-2026-351422.6 LOWHCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability.
CVE-2026-351412.6 LOWHCL DFXAnalytics is affected by a Login Replay Attack vulnerability

IV. Related Vulnerabilities

V. Comments for CVE-2026-35148

No comments yet


Leave a comment