CVE-2026-21826

Analyzed Analyzed - Analysis Complete

Host Header Injection in HCL Digital Experience

Publication date: 2026-06-05

Last updated on: 2026-06-10

Assigner: HCL Software

Description

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-05

Last Modified

2026-06-10

Generated

2026-06-25

AI Q&A

2026-06-05

EPSS Evaluated

2026-06-24

NVD

CVE-2026-21826

EUVD

EUVD-2026-34787

Affected Vendors & Products

Vendor	Product	Version / Range
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience_compose	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5
hcltech	digital_experience	9.5

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-601	The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

Executive Summary

This vulnerability involves Host header injection in HCL Digital Experience and HCL Digital Experience Compose. An attacker can manipulate the Host header in HTTP requests, which may cause the application to behave in unexpected or unintended ways.

Impact Analysis

Exploitation of this vulnerability can lead to unexpected application behavior, potentially allowing attackers to perform actions such as web cache poisoning, password reset poisoning, or redirecting users to malicious sites. The CVSS score indicates a moderate impact with low complexity and no privileges required, but user interaction is needed.

Compliance Impact

The provided information does not specify how the Host header injection vulnerability in HCL Digital Experience and HCL Digital Experience Compose impacts compliance with common standards and regulations such as GDPR or HIPAA.

Hi! I’m here to help you understand CVE-2026-21826. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-21826

Host Header Injection in HCL Digital Experience

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart