CVE Catalog

CVE-2026-12212

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A vulnerability has been found in hcengineering Huly Platform up to version 0.7.0. The issue affects the function getMailboxSecret in the file server/account/src/operations.ts of the RPC Interface component, leading to improper access controls.

Risk Assessment

An attacker may remotely exploit this vulnerability, posing a serious threat to user data security. The public disclosure of the exploit increases the risk of attacks.

Recommendation

It is recommended to update the Huly platform to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted.

Original NVD description (English source)

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS