CVE-2026-21785

Name of the Vulnerable Software and Affected Versions HCL BigFix Remote Control Server WebUI versions prior to 10.1.0.0443

Description A misconfigured Content Security Policy (CSP), which is a security layer used to detect and mitigate certain types of attacks including Cross-Site Scripting (XSS) and data injection, fails to define directives without fallbacks. This allows attackers to bypass intended security restrictions and load unauthorized resources.

Recommendations Update to a version later than 10.1.0.0442.