HCL BigFix Platform: Private Keys Accessible Due to Incorrect Windows Permissions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

HCL BigFix Platform: Private Keys Accessible Due to Incorrect Windows Permissions

CVE-2026-21765

Summary

The HCL BigFix Platform uses private cryptographic keys on Windows machines. If these keys have overly permissive permissions, unauthorized users may access them, potentially compromising sensitive data. Update your HCL BigFix Platform configuration to ensure secure key permissions.

Original title

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file s...

Original description

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.

nvd CVSS3.1 8.8

Vulnerability type

CWE-276 Incorrect Default Permissions

CWE-732 Incorrect Permission Assignment for Critical Resource

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906

Published: 2 Apr 2026 · Updated: 2 Apr 2026 · First seen: 2 Apr 2026