CVE-2026-21768

Summary

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareVerse for Android14.5.10affected

Weaknesses

  • CWE-20: CWE-20 Improper input validation
  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References