CVE-2026-21760

Summary

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareDevOps Loop2.0.0affected

Weaknesses

  • CWE-425: CWE-425: Direct Request (Forced Browsing)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References