{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21826", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:08:22.255Z", "datePublished": "2026-06-05T05:58:31.449Z", "dateUpdated": "2026-06-05T05:58:31.449Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-06-05T05:58:31.449Z"}, "title": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection", "datePublic": "2026-06-05T05:37:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-601", "description": "CWE-601 URL redirection to untrusted site ('open redirect')", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Digital Experience & DX Compose", "versions": [{"status": "affected", "version": "9.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways."}], "id": "CVE-2026-21826", "lastModified": "2026-06-05T16:05:36.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2026-06-05T07:16:29.883", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Digital Experience & DX Compose", "source": "cna", "vendor": "HCLSoftware"}, "product": "digital_experience", "vendor": "hcltech"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.5"}}], "original": {"product": "Digital Experience & DX Compose", "source": "cna", "vendor": "HCLSoftware"}, "product": "dx_compose", "vendor": "hcltech"}], "created": "2026-06-05T08:00:19.583516+00:00", "updated": "2026-06-05T10:07:03.755299+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$digital_experience", "hcltech$PRODUCT$dx_compose"]}