HCL Digital Experience and HCL Digital Experience Compose could be...

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

Basic Information

ID CVE-2026-21826

Source HCL

Published Jun 5, 2026 at 05:58

Affected Product

Vendor HCLSoftware

Product Digital Experience & DX Compose

Version 9.5

Affected Versions HCLSoftware Digital Experience & DX Compose 9.5

CWE Classification

CWE-601

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways.",
    "published": "2026-06-05T05:58:31.449Z",
    "modified": "2026-06-05T05:58:31.449Z",
    "type": "cve",
    "title": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849",
    "id": "CVE-2026-21826",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware Digital Experience & DX Compose 9.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Digital Experience & DX Compose",
    "version": "9.5",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection_CVE-2026-21826