CVE-2026-12212
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
A vulnerability has been found in hcengineering Huly Platform up to version 0.7.0. The issue affects the function getMailboxSecret in the file server/account/src/operations.ts of the RPC Interface component, leading to improper access controls.
Risk Assessment
An attacker may remotely exploit this vulnerability, posing a serious threat to user data security. The public disclosure of the exploit increases the risk of attacks.
Recommendation
It is recommended to update the Huly platform to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted.
Original NVD description (English source)
A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

