Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible input validation flaw but requires authenticated access (PR:L), specific triggering conditions (AC:H), and yields only limited information disclosure (C:L); no integrity or availability impact.
Primary rating from Vendor (hcl).
CVSS VectorVendor: hcl
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions.
AnalysisAI
Insufficient input validation in HCL DevOps Loop permits special characters in fields where they should be restricted, enabling authenticated network-accessible attackers under high-complexity conditions to trigger unintended application behavior resulting in limited information disclosure. The CVSS score of 3.1 (Low) reflects constrained real-world impact: exploitation requires prior authentication and specific conditions to materialize. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session with at least low-privilege access to HCL DevOps Loop (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The composite risk picture for this vulnerability is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated user with low privileges sends a crafted request containing special characters to an HCL DevOps Loop input field that lacks proper validation. Under the specific conditions required by the AC:H vector - likely a particular application state, configuration, or input combination - the application processes the malformed input through downstream logic and surfaces limited sensitive information in its response. … |
| Remediation | Consult the HCL Software PSIRT advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132296 (KB0132296) for the authoritative remediation guidance, including any patched version numbers. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45233
GHSA-35w6-wm82-6c6f