HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as

Description

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.

Affected Products

Vendor	Product	Versions
hcl	aion	< 2.1.2

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410(Vendor Advisory)

CVSS 3.15.6 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.1.2

CWECWE-345

PublishedMar 16, 2026

Last enriched9h ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as

Description

Affected Products

References

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline