PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56458 HCLSoftware CVE debrief

CVE-2026-56458 is a medium-severity vulnerability in HCL DevOps Deploy, affecting versions 8.1.0.0 to 8.1.2.7 and 8.2.0.0 to 8.2.2.0. The vulnerability is due to improper CORS configuration, allowing attackers to perform privileged actions and retrieve sensitive information. This issue has a CVSS score of 5.4 and is classified as MEDIUM severity. Users of HCL DevOps Deploy, particularly those in environments where the affected versions are deployed, should be aware of this vulnerability and take necessary actions to mitigate it.

Vendor
HCLSoftware
Product
HCL DevOps Deploy
CVSS
MEDIUM 5.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of HCL DevOps Deploy, particularly those in environments where the affected versions are deployed, should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing compensating controls for exposed systems while remediation is scheduled and verified.

Technical summary

HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. The vulnerability has a CVSS score of 5.4 and is classified as MEDIUM severity. Affected product deployments should be reviewed for exposure, and compensating controls should be considered while remediation is planned.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it could allow attackers to perform privileged actions and retrieve sensitive information.

Recommended defensive actions

  • Inventory and assess HCL DevOps Deploy instances for vulnerability
  • Apply patches or updates to affected versions
  • Implement compensating controls, such as restricting access to sensitive information
  • Monitor for suspicious activity
  • Verify domain name limitations for trusted domains

Evidence notes

The CVE record was published on 2026-07-09T10:16:26.967Z and was last modified on 2026-07-10T16:00:03.797Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects HCL DevOps Deploy versions 8.1.0.0 to 8.1.2.7 and 8.2.0.0 to 8.2.2.0. Users should verify their deployments and take necessary actions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T10:16:26.967Z and has not been modified since then. The NVD entry is currently Analyzed.