{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21826", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2026-01-05T16:08:22.255Z", "datePublished": "2026-06-05T05:58:31.449Z", "dateUpdated": "2026-06-09T14:38:10.191Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-06-05T05:58:31.449Z"}, "title": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection", "datePublic": "2026-06-05T05:37:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-601", "description": "CWE-601 URL redirection to untrusted site ('open redirect')", "type": "CWE"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Digital Experience & DX Compose", "versions": [{"status": "affected", "version": "9.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T13:28:00.599027Z", "id": "CVE-2026-21826", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T14:38:10.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21826", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-09T13:28:00.599027Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:28:08.863Z"}}], "cna": {"title": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCLSoftware", "product": "Digital Experience & DX Compose", "versions": [{"status": "affected", "version": "9.5"}], "defaultStatus": "unaffected"}], "datePublic": "2026-06-05T05:37:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways.", "supportingMedia": [{"type": "text/html", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL redirection to untrusted site ('open redirect')"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-06-05T05:58:31.449Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21826", "state": "PUBLISHED", "dateUpdated": "2026-06-09T14:38:10.191Z", "dateReserved": "2026-01-05T16:08:22.255Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-06-05T05:58:31.449Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. \u00a0An attacker can manipulate the Host header\u00a0and cause the application to behave in unexpected ways."}], "id": "CVE-2026-21826", "lastModified": "2026-06-05T16:05:36.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2026-06-05T07:16:29.883", "references": [{"source": "psirt@hcl.com", "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Digital Experience & DX Compose", "source": "cna", "vendor": "HCLSoftware"}, "product": "digital_experience", "vendor": "hcltech"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.5"}}], "original": {"product": "Digital Experience & DX Compose", "source": "cna", "vendor": "HCLSoftware"}, "product": "dx_compose", "vendor": "hcltech"}], "created": "2026-06-05T08:00:19.583516+00:00", "updated": "2026-06-05T10:07:03.755299+00:00", "vendors": ["hcltech", "hcltech$PRODUCT$digital_experience", "hcltech$PRODUCT$dx_compose"]}