Summaryinfo

A vulnerability classified as critical was found in HCL Traveler. Affected by this issue is some unknown functionality of the component HTTP Header Validation Handler. Executing a manipulation can lead to origin validation. This vulnerability is registered as CVE-2026-21790. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in HCL Traveler. It has been declared as critical. This vulnerability affects an unknown function of the component HTTP Header Validation Handler. The manipulation with an unknown input leads to a origin validation vulnerability. The CWE definition for the vulnerability is CWE-346. The product does not properly verify that the source of data or communication is valid. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks.

The advisory is available at support.hcl-software.com. This vulnerability was named CVE-2026-21790 since 01/05/2026. The exploitation appears to be easy. The attack can be initiated remotely. The technical details are unknown and an exploit is not available.

Upgrading to version 14.5.1.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-15002). Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• HCL

Name

• Traveler

Version

• 3.0.11
• 3.0.12
• 3.0.14

License

• commercial

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion