cvedb.io
CVE-2026-35148
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2026-07-16T12:17:35.733 · Last modified 2026-07-16T13:47:43.027

Summary

HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.