Description
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
Published: 2026-03-16
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Improper control or validation of file upload sizes in HCL AION can lead to excessive consumption of system resources. The weakness, classified as CWE-400, may cause the application to degrade or become unavailable if an attacker uploads files that exceed acceptable limits or floods the system with large payloads. The documented impact is a potential denial of service rather than direct compromise of confidentiality or integrity.

Affected Systems

The vulnerability affects the HCL AION product. No detailed version information is provided, so any deployment of HCL AION should verify whether its installed version is affected by checking release notes or contacting the vendor.

Risk and Exploitability

The CVSS score of 1.8 indicates low severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an attacker abusing the upload mechanism by submitting overly large files; this is an inference from the description of the upload size handling issue. No evidence of active exploitation is reported, and exploitation would require sufficient network reachability to the application and the capability to send large files.

Generated by OpenCVE AI on March 23, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HCL AION patch or upgrade to a version that addresses the upload size handling issue.
  • If a patch is not available, configure the application and underlying web server to enforce strict file upload size limits and resource quotas.
  • Monitor the application for unusually large upload requests or sudden increases in resource usage, and correlate with logs to detect potential abuse.
  • Keep all components of the HCL AION environment, including the underlying operating system and network infrastructure, updated with the latest security patches.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
Title HCL AION is affected by a improper handling of uploads files Size
References
Metrics cvssV3_1

{'score': 1.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T18:43:45.176Z

Reserved: 2025-06-18T14:00:43.106Z

Link: CVE-2025-52636

Vulnrichment

Updated: 2026-03-16T18:43:40.224Z

NVD

Status: Analyzed

Published: 2026-03-16T15:16:17.890

Modified: 2026-04-25T18:04:06.973

Link: CVE-2025-52636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:44:27Z

Weaknesses