CVE-2026-35149

Summary

HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareDFXServerversion 2.5 and belowaffected

Weaknesses

  • CWE-294: CWE-294: Authentication Bypass by Capture-replay

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References