What is CVE-2026-21785?

CVE-2026-21785 is a medium-severity vulnerability in Hclsoftware Bigfix Remote Control Server, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.0/10. Published 2026-05-27.

How severe is CVE-2026-21785?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Hclsoftware Bigfix Remote Control Server

CVE-2026-21785

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load u…

EPSS: 0.000 (7.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Hclsoftware Bigfix Remote Control Server — versions <= versions 10.1.0.0442

Weakness classification (CWE)

CWE-1021 — Improper Restriction of Rendered UI Layers or Frames (Clickjacking)

References

psirt@hcl.com

Frequently asked questions

What is CVE-2026-21785?: CVE-2026-21785 is a medium-severity vulnerability in Hclsoftware Bigfix Remote Control Server, classified under Improper Restriction of Rendered UI Layers or Frames (Clickjacking). CVSS score: 4.0/10. Published 2026-05-27.
How severe is CVE-2026-21785?: Medium severity. CVSS v3 base score is 4.0 out of 10.