CVE-2026-21826— HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCLSoftware | Digital Experience & DX Compose | 9.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-21826
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL Digital Experience和HCL Digital Experience Compose 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL Digital Experience和HCL Digital Experience Compose都是印度HCL公司的产品。HCL Digital Experience是一套数字体验平台,内容交付解决方案。HCL Digital Experience Compose是一个企业级内容创作与数字体验管理平台。 HCL Digital Experience和HCL Digital Experience Compose存在安全漏洞,该漏洞源于容易受到主机标头注入攻击,可能导致攻击者操纵主机标头使应用程序出
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HCLSoftware | Digital Experience & DX Compose | 9.5 | - |
II. Public POCs for CVE-2026-21826
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-21826
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-21826 (1)
Same Patch Batch · HCLSoftware · 2026-06-05 · 3 CVEs total
| CVE-2026-21825 | 6.1 MEDIUM | HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulne |
| CVE-2026-21837 | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital |
IV. Related Vulnerabilities
Same vendor: HCLSoftware
- CVE-2026-21768
HCL Verse for Android is susceptible to an injection vulnera - CVE-2026-21825
HCL Digital Experience Compose is affected by a reflected cr - CVE-2026-21837
HCL Digital Experience is affected by an OS command injectio - CVE-2025-62338
HCL BigFix Cloud Lifecycle Management is affected by lack of - CVE-2026-21785
HCL BigFix Remote Control Server WebUI is affected by a misc
Same weakness: CWE-601
- CVE-2026-47645
Microsoft 365 Copilot's Business Chat Elevation of Privilege - CVE-2026-12622
Open Redirect Vulnerability in Password Reset Submission in - CVE-2026-48895
Apache APISIX: Cas-auth Host header influence on CAS service - CVE-2026-44915
Apache APISIX: Cas-auth plugin open redirect via unsanitized - CVE-2026-12049
pgAdmin 4: Open redirect in multi-factor authentication flow
V. Comments for CVE-2026-21826
No comments yet