PatchSiren cyber security CVE debrief
CVE-2026-35142 HCL Software CVE debrief
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal infrastructure for further targeted attacks. This vulnerability has a CVSS score of 2.6 and a severity of LOW. The CVE record was published on 2026-07-16T14:16:50.863Z and has not been modified since then. The NVD entry is currently Undergoing Analysis. Affected users should review and update HCL DFXAnalytics to ensure internal IP address details are not included in server responses.
- Vendor
- HCL Software
- Product
- DFXAnalytics
- CVSS
- LOW 2.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of HCL DFXAnalytics, operators, platform administrators, vulnerability management teams, and security teams should be aware of this Internal IP Address Disclosure vulnerability, as it could allow a remote attacker to gather sensitive network topology information.
Technical summary
HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal infrastructure for further targeted attacks. The vulnerability has a CVSS score of 2.6 and a severity of LOW. Users of HCL DFXAnalytics should be aware of this vulnerability and take necessary precautions to prevent exploitation.
Defensive priority
Low priority, as the vulnerability has a low CVSS score and requires high privileges to exploit. However, users should still take necessary precautions to prevent exploitation.
Recommended defensive actions
- Review and update HCL DFXAnalytics to ensure internal IP address details are not included in server responses.
- Implement network segmentation and access controls to limit the attack surface.
- Monitor for suspicious activity and implement incident response plans.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record and NVD entry provide limited information about the vulnerability. Further investigation and verification are necessary to fully understand the impact and scope of the vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information. Users should verify the affected product deployments and review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-35142 CVE record
CVE.org
-
CVE-2026-35142 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T14:16:50.863Z and has not been modified since then.