PatchSiren cyber security CVE debrief
CVE-2026-12212 hcengineering CVE debrief
CVE-2026-12212 is a vulnerability in Huly Platform up to 0.7.0. The affected component is the RPC Interface, specifically the getMailboxSecret function in server/account/src/operations.ts. The vulnerability leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor
- hcengineering
- Product
- Huly Platform
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Huly Platform up to 0.7.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and a severity of LOW. It is categorized under CWE-266 and CWE-284.
Defensive priority
LOW
Recommended defensive actions
- Update to a version of Huly Platform that is not vulnerable
- Implement additional access controls to mitigate the vulnerability
Evidence notes
The vulnerability was found in the Huly Platform up to 0.7.0. The vendor was contacted but did not respond.
Official resources
CVE-2026-12212 was published on 2026-06-15T04:16:25.417Z and has not been modified since then.