CVE-2026-21761
Awaiting Analysis Awaiting Analysis - Queue

Cross-Origin Resource Sharing Misconfiguration in HCL DevOps Loop

Vulnerability report for CVE-2026-21761, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: HCL Software

Description

HCL DevOps Loop is affected by a Cross-Origin Resource Sharing (CORS) misconfiguration. Improper CORS configuration may allow unauthorized cross-origin requests, potentially exposing application resources to untrusted domains.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl devops_loop *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL DevOps Loop has a Cross-Origin Resource Sharing (CORS) misconfiguration. This means the application improperly allows requests from untrusted domains, which could expose sensitive resources to unauthorized access.

Detection Guidance

To detect CORS misconfiguration in HCL DevOps Loop, check HTTP response headers for improperly configured Access-Control-Allow-Origin fields. Use tools like curl to inspect headers: curl -I http://target-server. Look for Access-Control-Allow-Origin:* or overly permissive domains. Browser developer tools can also reveal CORS errors during cross-origin requests.

Impact Analysis

An attacker could exploit this to make unauthorized requests to the application, potentially accessing or modifying data. This could lead to data breaches or unauthorized actions if exploited by a malicious actor.

Compliance Impact

This vulnerability could violate data protection requirements under GDPR or HIPAA by exposing sensitive data to unauthorized parties. Organizations may face compliance penalties if such breaches occur due to inadequate security controls.

Mitigation Strategies

Review and correct CORS configuration in HCL DevOps Loop to restrict allowed origins to trusted domains only. Ensure proper headers like Access-Control-Allow-Origin are set correctly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21761. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart