CVE-2026-21765
Published: 02 April 2026
Summary
CVE-2026-21765 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in HCL BigFix Platform. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Private Keys (T1552.004). The CVE ranks at the 2.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Establishes and enforces restrictive configuration settings for file system permissions on private cryptographic keys to prevent unauthorized access.
- Enforces approved access authorizations on system resources, including private key files, blocking low-privilege attackers from reading them.
- Applies least privilege to ensure only authorized users and processes can access critical private cryptographic keys on Windows hosts.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct match to insecurely stored private keys via weak file permissions (CWE-276/732), enabling credential access on Windows.
NVD Description
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
Deeper analysis
CVE-2026-21765 affects the HCL BigFix Platform, specifically involving insecure permissions on private cryptographic keys located on Windows host machines. These keys are subject to overly permissive file system permissions, which could allow unauthorized access. The vulnerability is classified under CWE-276 (Incorrect Default Permissions) and CWE-732 (Incorrect Permission Assignment for Critical Resource), with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
A local attacker with low privileges (PR:L) on the affected Windows host can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation grants read access to the private cryptographic keys, enabling high-impact outcomes such as data compromise (C:H), modification of systems or data (I:H), and disruption of services (A:H), particularly because the changed scope (S:C) means the impact extends beyond the vulnerable component itself.
The HCL Software support advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906 provides details on mitigation, including recommended patches or configuration changes to secure the file system permissions on the private keys. Security practitioners should review this KB article for specific remediation steps applicable to their BigFix Platform deployments.
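The weakness described above is a file-system ACL problem, so a defender's first question is which key files on a host grant read access to broad, low-privilege principals, and the fix is to restrict the DACL to the accounts that actually need the keys (NIST 800-53 AC-3 and AC-6). The PowerShell below is an added example written for this page; it is not code from HCL, from the BigFix product, or from the linked KB article. It assumes a placeholder directory `$KeyDir` (the real key location for a deployment comes from the vendor advisory), and `Repair-PrivateKeyAcl` assumes that SYSTEM and the local Administrators group are a sufficient allow list; if the product runs under a dedicated service account, that account must be added to `-AllowedPrincipals` or the service will lose access to its own keys.

```powershell
# Added example (not from the advisory or HCL): audit and optionally tighten
# NTFS ACLs on private key files. $KeyDir is a placeholder, not a BigFix path.
$KeyDir = 'C:\PLACEHOLDER\keys'

function Test-PrivateKeyAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Principals that should never be able to read key material.
        [string[]] $BroadPrincipals = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\INTERACTIVE'
        )
    )

    $acl = Get-Acl -Path $Path
    # ReadData is the bit that actually exposes file contents; Read, Modify and
    # FullControl all include it, so testing this one bit covers them all.
    $readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

    $findings = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        $grantsRead = (($ace.FileSystemRights -band $readBit) -eq $readBit)
        if ($grantsRead -and ($BroadPrincipals -contains $id)) {
            [pscustomobject]@{
                Principal = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs point at the parent directory
            }
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Owner    = $acl.Owner
        Weak     = (@($findings).Count -gt 0)
        Findings = @($findings)
    }
}

function Repair-PrivateKeyAcl {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed allow list; add the product's service account if it needs the key.
        [string[]] $AllowedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )

    $acl = Get-Acl -Path $Path
    # Break inheritance without copying the parent's (possibly broad) ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop every remaining explicit ACE, then grant only the allow list.
    foreach ($ace in @($acl.Access)) { [void] $acl.RemoveAccessRule($ace) }
    foreach ($principal in $AllowedPrincipals) {
        $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $principal, 'FullControl', 'Allow'
        $acl.AddAccessRule($rule)
    }
    if ($PSCmdlet.ShouldProcess($Path, "Restrict ACL to: $($AllowedPrincipals -join ', ')")) {
        Set-Acl -Path $Path -AclObject $acl
    }
}

# Audit every file under the key directory and list the weak ones.
$weak = Get-ChildItem -Path $KeyDir -Recurse -File |
    ForEach-Object { Test-PrivateKeyAcl -Path $_.FullName } |
    Where-Object Weak
$weak | Select-Object Path, Owner -ExpandProperty Findings | Format-Table -AutoSize

# Dry run of the remediation; remove -WhatIf to apply after reviewing the output.
$weak | ForEach-Object { Repair-PrivateKeyAcl -Path $_.Path -WhatIf }
```

Run the audit from an elevated session so that `Get-Acl` can read every DACL. The `Inherited` column matters for root-causing the finding: an inherited ACE means the permissive entry lives on a parent directory, so fixing only the file without breaking inheritance (which `Repair-PrivateKeyAcl` does via `SetAccessRuleProtection`) would let the next key written there come back with the same broad ACL.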
Details
- CWE(s)