CVE-2026-21760
Awaiting Analysis
Awaiting Analysis - Queue
Unauthorized Admin Access in HCL DevOps Loop
Vulnerability report for CVE-2026-21760, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: HCL Software
Description
Description
HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | devops_loop | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |