HCL Digital Experience is affected by an OS command injection...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

Basic Information

ID CVE-2026-21837

Source HCL

Published Jun 5, 2026 at 05:50

Affected Product

Vendor HCLSoftware

Product Digital Experience

Version 9.5

Affected Versions HCLSoftware Digital Experience 9.5

CWE Classification

CWE-78

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.\u00a0 An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.",
    "published": "2026-06-05T05:50:58.161Z",
    "modified": "2026-06-05T05:50:58.161Z",
    "type": "cve",
    "title": "HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849",
    "id": "CVE-2026-21837",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware Digital Experience 9.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Digital Experience",
    "version": "9.5",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API_CVE-2026-21837