HCL DominoIQ Broken Access Control Vulnerability Allowing Unauthorized Data Access

Vulnerability

A broken access control vulnerability has been identified in the HCL DominoIQ RAG feature, specifically in version 14.5.1. Under certain conditions, document-level access restrictions may be bypassed when processing AI queries, potentially allowing authenticated attackers to access sensitive data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data by authenticated users.

Remediation

This vulnerability is fixed in HCL Domino version 14.5.1 Interim Fix 1 and later. The latest Notes/Domino fix releases can be downloaded from My HCLSoftware. If there are issues accessing this link, refer to the HCL Support Page KB0109011.

Added: May 20, 2026, 2:27 PM
Updated: May 20, 2026, 2:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.