CVE-2026-21783
Information Disclosure in HCL Traveler via Detailed Error Messages
Publication date: 2026-03-24
Last updated on: 2026-03-31
Assigner: HCL Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | traveler | to 14.5.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21783 is a vulnerability in HCL Traveler where the application discloses sensitive information through its error messages.
These error messages reveal detailed information such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces.
Attackers can exploit this information to understand the system's architecture and potentially launch targeted attacks.
How can this vulnerability impact me? :
This vulnerability can lead to sensitive information disclosure, which may help attackers gain insights into the system.
With this information, attackers could craft targeted attacks against the system, increasing the risk of further compromise.
The CVSS base score of 4.3 indicates a low to medium severity impact, specifically affecting confidentiality without impacting integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know