Skip to main content

Microsoft CVE-2026-21765

| EUVDEUVD-2026-18095 HIGH
Incorrect Default Permissions (CWE-276)
2026-04-02 psirt@hcl.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 16:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 02, 2026 - 00:25 euvd
EUVD-2026-18095
Analysis Generated
Apr 02, 2026 - 00:25 vuln.today
CVE Published
Apr 02, 2026 - 00:16 nvd
HIGH 8.8

DescriptionCVE.org

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.

AnalysisAI

Local privilege escalation in HCL BigFix Platform on Windows allows authenticated users with low privileges to access cryptographic private keys due to overly permissive file system permissions, potentially enabling complete system compromise with cross-scope impact. Authentication required (PR:L). No public exploit identified at time of analysis, though the attack is rated low complexity and fully automated. CVSS 8.8 severity driven by scope change and complete confidentiality/integrity/availability impact.

Technical ContextAI

HCL BigFix Platform is an enterprise endpoint management and security compliance solution. This vulnerability stems from CWE-276 (Incorrect Default Permissions), where private cryptographic keys stored on Windows file systems lack proper access controls. These keys are critical security assets used for authentication, encryption, or code signing within the BigFix infrastructure. When file system permissions allow low-privileged users to read private keys, attackers can extract cryptographic material to impersonate system components, decrypt sensitive data, or sign malicious payloads as trusted entities. The CVSS scope change metric (S:C) indicates the vulnerability enables attackers to affect resources beyond the vulnerable component's security authority, suggesting the compromised keys could grant access to broader BigFix management operations or controlled endpoints.

RemediationAI

Consult HCL vendor advisory KB0129906 at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906 for patching guidance and specific fixed versions. Primary remediation involves applying vendor-released updates that correct file system permissions on cryptographic private key storage locations. As an interim mitigation, system administrators should manually audit and restrict NTFS permissions on BigFix private key directories to ensure only SYSTEM and authorized service accounts have read access, removing any inherited permissions that grant access to low-privileged user groups. Organizations should review Windows file system permissions on all BigFix Platform directories containing cryptographic material and implement least-privilege access controls aligned with vendor security hardening guidance.

Share

CVE-2026-21765 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy