CVE-2026-35149

HCL Software · DFXServer

HCL DFXServer is susceptible to an authentication bypass vulnerability, enabling remote attackers to manipulate server responses to gain unauthorized access.

Executive summary

An authentication bypass vulnerability in HCL DFXServer allows remote attackers to compromise system access via server response manipulation.

Vulnerability

This is an authentication bypass by capture-replay (CWE-294) vulnerability. It allows an unauthenticated remote attacker to bypass security checks by manipulating server responses.

Business impact

An attacker successfully exploiting this vulnerability can gain unauthorized access to the DFXServer, potentially leading to the compromise of sensitive data or the manipulation of application logic. Given the CVSS score of 8.2, this vulnerability poses a severe risk to the confidentiality and integrity of the application environment.

Remediation

Immediate Action: Update the HCL DFXServer to the latest patched version recommended by the vendor.

Proactive Monitoring: Monitor network traffic and server response logs for anomalous patterns that suggest tampering or replay attempts.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to inspect and validate server responses and block suspicious traffic patterns.

Exploitation status

Public Exploit Available: No (no weaponized exploit confirmed).

Analyst recommendation

The ability for an unauthenticated attacker to bypass authentication makes this a high-priority issue. Administrators should ensure that the HCL DFXServer is updated to the latest version immediately to mitigate the risk of unauthorized access.