wid-sec-w-2026-0960 · Published 2026-04-01 · View on BSI CERT-Bund ↗

HCL BigFix Platform: Multiple Vulnerabilities

CVSS 8.8 HIGH

Risk Summary

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions. HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.

CVEs (2)

CVE-2026-21765 CVE-2026-21767

Affected Vendors

HCL

Affected Products (2)

HCL · BigFix <11.0.6

HCL · BigFix 11.0.6

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more