PatchSiren cyber security CVE debrief
CVE-2026-56458 HCLSoftware CVE debrief
CVE-2026-56458 is a medium-severity vulnerability in HCL DevOps Deploy, affecting versions 8.1.0.0 to 8.1.2.7 and 8.2.0.0 to 8.2.2.0. The vulnerability is due to improper CORS configuration, allowing attackers to perform privileged actions and retrieve sensitive information. This issue has a CVSS score of 5.4 and is classified as MEDIUM severity. Users of HCL DevOps Deploy, particularly those in environments where the affected versions are deployed, should be aware of this vulnerability and take necessary actions to mitigate it.
- Vendor
- HCLSoftware
- Product
- HCL DevOps Deploy
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Users of HCL DevOps Deploy, particularly those in environments where the affected versions are deployed, should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing compensating controls for exposed systems while remediation is scheduled and verified.
Technical summary
HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. The vulnerability has a CVSS score of 5.4 and is classified as MEDIUM severity. Affected product deployments should be reviewed for exposure, and compensating controls should be considered while remediation is planned.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it could allow attackers to perform privileged actions and retrieve sensitive information.
Recommended defensive actions
- Inventory and assess HCL DevOps Deploy instances for vulnerability
- Apply patches or updates to affected versions
- Implement compensating controls, such as restricting access to sensitive information
- Monitor for suspicious activity
- Verify domain name limitations for trusted domains
Evidence notes
The CVE record was published on 2026-07-09T10:16:26.967Z and was last modified on 2026-07-10T16:00:03.797Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects HCL DevOps Deploy versions 8.1.0.0 to 8.1.2.7 and 8.2.0.0 to 8.2.2.0. Users should verify their deployments and take necessary actions.
Official resources
-
CVE-2026-56458 CVE record
CVE.org
-
CVE-2026-56458 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T10:16:26.967Z and has not been modified since then. The NVD entry is currently Analyzed.