CVE-2026-21826

MEDIUM

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection

Title source: cna

Description

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

References (1)

Core 1

Core References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849

Scores

CVSS v3 6.1

EPSS 0.0014

EPSS Percentile 4.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (2)

HCLSoftware/Digital Experience & DX Compose 9.5

hcltech/digital_experience 9.5 (49 CPE variants)

Published Jun 05, 2026

Tracked Since Jun 05, 2026