CVE-2026-56460

Summary

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareHCL DevOps Deploy / HCL Launch7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0affected

Weaknesses

  • CWE-201: CWE-201 Insertion of sensitive information into sent data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References