Vulnerability Details CVE-2026-35143
HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery (CSRF) attacks if additional mitigations, such as Anti-CSRF tokens, are not implemented.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.4%
CVSS Severity
CVSS v3 Score 3.0
Products affected by CVE-2026-35143
-
cpe:2.3:a:hcltech:dfxanalytics:2.6.0
-
cpe:2.3:a:hcltech:dfxanalytics:2.6.1
-
cpe:2.3:a:hcltech:dfxanalytics:2.7.0
-
cpe:2.3:a:hcltech:dfxanalytics:2.8.0
-
cpe:2.3:a:hcltech:dfxanalytics:2.8.1
-
cpe:2.3:a:hcltech:dfxanalytics:2.8.2
-
cpe:2.3:a:hcltech:dfxanalytics:2.9
-
cpe:2.3:a:hcltech:dfxanalytics:2.9.0
-
cpe:2.3:a:hcltech:dfxanalytics:2.9.1
-
cpe:2.3:a:hcltech:dfxanalytics:3.0