A vulnerability was found in hcengineering Huly Platform up to 0.7.0 . It has been rated as critical . Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface . The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-12212 . The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.