MEDIUM
HCLSoftware
CVE published 2026-05-20
CVE-2026-21836
CVE-2026-21836 describes a broken access control issue in the HCL DominoIQ RAG feature. Under certain circumstances, document-level access restrictions can be ignored when the AI query engine decides what data to return, which could allow an authenticated attacker to see sensitive information. The issue was published on 2026-05-20 and is rated CVSS 6.5 (Medium) with confidentiality impact only. The availa [truncated]