CVE-2026-35149
Received Received - Intake

Authentication Bypass in HCL DFXServer via Server Response Manipulation

Vulnerability report for CVE-2026-35149, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: HCL Software

Description

HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl dfxserver *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-294 A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL DFXServer has an Authentication Bypass vulnerability where an attacker can manipulate server responses to gain unauthorized access without valid credentials. By intercepting and altering authentication responses, the attacker bypasses verification entirely.

Impact Analysis

This vulnerability allows unauthorized users to access the application and potentially sensitive data. It could lead to data breaches, unauthorized actions, or further compromise of the system depending on the application's functions.

Compliance Impact

This vulnerability could lead to non-compliance with GDPR, HIPAA, or other regulations due to unauthorized data access or exposure. It may result in legal penalties, loss of trust, and required breach notifications depending on the data involved.

Mitigation Strategies

Apply patches or updates from HCL to address the authentication bypass flaw. Monitor network traffic for unusual server response manipulations. Restrict access to DFXServer to trusted networks or users until patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35149. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart