CVE-2026-21826

Summary

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareDigital Experience & DX Compose9.5affected

Weaknesses

  • CWE-601: CWE-601 URL redirection to untrusted site ('open redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References