hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-12213

Source VulDB

Published Jun 15, 2026 at 03:15

Affected Product

Vendor hcengineering

Product Huly Platform

Version 0.1

Affected Versions hcengineering Huly Platform 0.1
hcengineering Huly Platform 0.2
hcengineering Huly Platform 0.3
hcengineering Huly Platform 0.4
hcengineering Huly Platform 0.5
hcengineering Huly Platform 0.6
hcengineering Huly Platform 0.7.0

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-15T03:15:06.037Z",
    "modified": "2026-06-15T03:15:06.037Z",
    "type": "cve",
    "title": "hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370855\nhttps://vuldb.com/vuln/370855/cti\nhttps://vuldb.com/cve/CVE-2026-12213\nhttps://vuldb.com/submit/832974",
    "id": "CVE-2026-12213",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "hcengineering Huly Platform 0.1\nhcengineering Huly Platform 0.2\nhcengineering Huly Platform 0.3\nhcengineering Huly Platform 0.4\nhcengineering Huly Platform 0.5\nhcengineering Huly Platform 0.6\nhcengineering Huly Platform 0.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Huly Platform",
    "version": "0.1",
    "vendor": "hcengineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization_CVE-2026-12213