CVE-2026-21826
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HCLSoftware | Digital Experience & DX Compose | 9.5 | affected |
Weaknesses
- CWE-601: CWE-601 URL redirection to untrusted site ('open redirect')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.