Cyber Resilience

CVE-2026-21765

Severity: High · Class: LPE (local privilege escalation)

Published: 02 April 2026
Modified: 16 April 2026
KEV Added: not listed
CVSS v3.1: 8.8 (High) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.0010 (1.1st percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-21765 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in HCL BigFix Platform (versions 11.0.0 to 11.0.5 per the affected-asset list below). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Private Keys (T1552.004). EPSS ranks it at the 1.1st percentile for exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-21765 affects the HCL BigFix Platform, specifically involving insecure permissions on private cryptographic keys located on Windows host machines. These keys are subject to overly permissive file system permissions, which could allow unauthorized access. The vulnerability is classified under CWE-276 (Incorrect Default Permissions) and CWE-732 (Incorrect Permission Assignment for Critical Resource), with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

A local attacker with low privileges (PR:L), which in practice means any unprivileged account that can log on to or run code on the affected Windows host, can exploit this vulnerability with low complexity and no user interaction. Successful exploitation grants read access to the private cryptographic keys; the vector rates the outcome as high impact on confidentiality (C:H), integrity (I:H) and availability (A:H) with a changed scope (S:C), meaning the damage extends beyond the key file itself to whatever relies on those keys. The advisory does not spell out what the keys authorize, so the practical blast radius in a given deployment depends on how the keys are used there and should be assessed locally rather than read off the score.

The HCL Software support advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906 provides details on mitigation, including recommended patches or configuration changes to secure the file system permissions on the private keys. Security practitioners should review this KB article for specific remediation steps applicable to their BigFix Platform deployments.

Vulnerability details

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.

CWE(s)

CWE-276 Incorrect Default Permissions
CWE-732 Incorrect Permission Assignment for Critical Resource

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned mapping)

T1552.004 Private Keys Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

Direct match to insecurely stored private keys via weak file permissions (CWE-276/732), enabling credential access on Windows.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
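Because the technique is plain file reads, detection comes down to making reads of the key files auditable and then filtering the Security log. The following is an added example, not HCL's code or anything from the advisory: it adds a ReadData success audit ACE (SACL entry) to the key files and then pulls Windows Security event 4663 (object access) for those paths, excluding the identity that is expected to read them. The key paths and the expected reader account are not stated on the page and are assumptions passed in by the caller; the block also assumes an elevated session and that the "Audit File System" subcategory is enabled for success (for example with auditpol /set /subcategory:"File System" /success:enable).

```powershell
# Added example (not HCL's code): SACL-based auditing of private key reads.
# Assumptions: elevated PowerShell; -Path points at the real key files;
# "Audit File System" success auditing is enabled via auditpol.

function Enable-PrivateKeyReadAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Path)
    process {
        foreach ($p in $Path) {
            # -Audit is needed to read and later write the SACL (requires SeSecurityPrivilege).
            $acl = Get-Acl -LiteralPath $p -Audit
            $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
                'Everyone',
                [System.Security.AccessControl.FileSystemRights]::ReadData,
                [System.Security.AccessControl.AuditFlags]::Success)
            $acl.AddAuditRule($rule)
            if ($PSCmdlet.ShouldProcess($p, 'Add ReadData success audit ACE')) {
                Set-Acl -LiteralPath $p -AclObject $acl
            }
        }
    }
}

function Get-PrivateKeyReadEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$KeyDir,
        [int]$Hours = 24,
        # Accounts that legitimately read the keys (e.g. the BigFix service identity);
        # assumption: supply the real one, otherwise every read is reported.
        [string[]]$ExpectedReader = @()
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read EventData fields by name rather than by positional index.
        $data = @{}
        foreach ($item in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$item.Name] = $item.'#text'
        }
        $user = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        if ($data['ObjectName'] -like "$KeyDir*" -and $ExpectedReader -notcontains $user) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = $user
                Process    = $data['ProcessName']
                File       = $data['ObjectName']
                AccessMask = $data['AccessMask']
            }
        }
    }
}

# Usage (paths and account are placeholders for the real values):
#   Get-ChildItem -LiteralPath $KeyDir -File -Recurse |
#       Select-Object -ExpandProperty FullName | Enable-PrivateKeyReadAudit
#   Get-PrivateKeyReadEvent -KeyDir $KeyDir -ExpectedReader 'NT SERVICE\<bigfix service>' |
#       Format-Table -AutoSize
```

Event 4663 is raised per handle that matches the SACL, so the BigFix service's own reads will appear unless its identity is passed via -ExpectedReader; on a correctly permissioned host any other user or process reading these files is the signal worth alerting on.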

CVEs Like This One

CVE-2025-52627 (same vendor: HCL)
CVE-2024-42172 (same vendor: HCL)
CVE-2025-52612 (same vendor: HCL)
CVE-2025-52644 (same vendor: HCL)
CVE-2024-42168 (same vendor: HCL)
CVE-2025-52631 (same vendor: HCL)
CVE-2025-55262 (same vendor: HCL)
CVE-2024-42181 (same vendor: HCL)
CVE-2025-55265 (same vendor: HCL)
CVE-2025-52626 (same vendor: HCL)

Affected Assets

Vendor: HCL (hcltech)
Product: BigFix Platform
Versions: 11.0.0 to 11.0.5

Mitigating Controls (NIST 800-53 r5, AI-assigned mapping)

prevent: Establishes and enforces restrictive configuration settings for file system permissions on private cryptographic keys to prevent unauthorized access.

prevent · AC-3 Access Enforcement: Enforces approved access authorizations on system resources, including private key files, blocking low-privilege attackers from reading them.

prevent · AC-6 Least Privilege: Applies least privilege to ensure only authorized users and processes can access critical private cryptographic keys on Windows hosts.
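The three controls above, and the weak-permission condition described under Deeper analysis, both come down to the NTFS DACL on the key files. The following is an added example, not HCL's code or the remediation from the advisory: it first audits each key file for Allow ACEs that give a broad local principal (Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE, NETWORK) any right that includes ReadData, which is the CWE-276/732 condition a PR:L attacker exploits, and then replaces the DACL with a protected one limited to SYSTEM, Administrators and an explicit list of readers (AC-3 access enforcement, AC-6 least privilege). The key file locations and the service identity that must keep read access are not given on the page and are assumptions supplied by the caller.

```powershell
# Added example (not HCL's code): audit and harden NTFS ACLs on private key files.
# Assumptions: elevated PowerShell; -Path points at the real key files;
# -AllowedReader names the account that legitimately reads them.

# Principals that should never hold read access on a private key file.
$script:BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'NT AUTHORITY\NETWORK'
)

# ReadData (0x1) is contained in Read, ReadAndExecute, Modify and FullControl.
# GENERIC_READ (0x80000000) and GENERIC_ALL (0x10000000) show up on some inherited ACEs.
$script:ReadMask = [int64]0x1 -bor [int64]0x80000000 -bor [int64]0x10000000

function Test-PrivateKeyAcl {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Path)
    process {
        foreach ($p in $Path) {
            $acl = Get-Acl -LiteralPath $p
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
                # Cast through int so generic-right ACEs (negative enum values) are handled.
                $rights     = [int64][int]$ace.FileSystemRights
                $grantsRead = ($rights -band $script:ReadMask) -ne 0
                $isBroad    = $script:BroadPrincipals -contains $ace.IdentityReference.Value
                if ($grantsRead -and $isBroad) {
                    [pscustomobject]@{
                        Path      = $p
                        Principal = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

function Repair-PrivateKeyAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$Path,
        # Identity that must keep read access (assumption: pass the real BigFix service account).
        [string[]]$AllowedReader = @()
    )
    process {
        $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
        $read  = [System.Security.AccessControl.FileSystemRights]::Read
        $allow = [System.Security.AccessControl.AccessControlType]::Allow
        foreach ($p in $Path) {
            # Start from an empty, protected DACL so nothing is inherited from the directory.
            $acl = New-Object System.Security.AccessControl.FileSecurity
            $acl.SetAccessRuleProtection($true, $false)
            foreach ($id in @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')) {
                $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, $full, $allow)))
            }
            foreach ($id in $AllowedReader) {
                $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, $read, $allow)))
            }
            if ($PSCmdlet.ShouldProcess($p, 'Replace DACL (SYSTEM, Administrators, explicit readers only)')) {
                Set-Acl -LiteralPath $p -AclObject $acl
            }
        }
    }
}

# Usage (directory and account are placeholders for the real values):
#   $keys = Get-ChildItem -LiteralPath $KeyDir -File -Recurse | Select-Object -ExpandProperty FullName
#   $keys | Test-PrivateKeyAcl | Format-Table -AutoSize
#   $keys | Repair-PrivateKeyAcl -AllowedReader 'NT SERVICE\<bigfix service>' -WhatIf
#   $keys | Repair-PrivateKeyAcl -AllowedReader 'NT SERVICE\<bigfix service>'
```

Run the audit first and review which ACEs are inherited: an inherited Users:Read entry means the parent directory is the real source of the problem and will re-apply to any new key file, which is why the repair breaks inheritance rather than only deleting the offending ACE. Re-run the audit after the repair, and confirm the BigFix services still start, before rolling the change out with your endpoint management tooling.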

References

HCL Software support advisory KB0129906: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906