CVE-2026-21785EPSS p4.4%

CVE-2026-21785CVE-2026-21785

Description

A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources.

Scoring

CVSS 4.0 ()
VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS0.15% probability of exploitation · percentile 4.4% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-31965
CVE
CVE-2025-62338
CVE
CVE-2026-21821
CVE
CVE-2025-52613
CVE
CVE-2025-31958
CVE
CVE-2025-52609
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.