CVE-2026-12212 | hcengineering Huly Platform up to 0.7.0 RPC Interface operations.ts getMailboxSecret access control

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. It has been rated as critical. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls.

This vulnerability is listed as CVE-2026-12212. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More