CVE-2026-21837
Analyzed Analyzed - Analysis Complete
OS Command Injection in HCL Digital Experience

Publication date: 2026-06-05

Last updated on: 2026-06-10

Assigner: HCL Software

Description
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.Β  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-10
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-21837
EUVD
EUVD-2026-34786
Affected Vendors & Products
Showing 67 associated CPEs
Vendor Product Version / Range
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an OS command injection in the Digital Asset Management API of HCL Digital Experience. It allows an attacker to execute arbitrary operating system commands on the affected system.

The commands executed by the attacker typically inherit the privileges of the vulnerable application, which can lead to serious security issues.

Impact Analysis

Exploitation of this vulnerability could lead to a complete system takeover by the attacker.

It may also result in data compromise, as the attacker can execute arbitrary commands with the application's privileges.

Compliance Impact

The vulnerability in HCL Digital Experience allows an attacker to execute arbitrary operating system commands, potentially leading to complete system takeover and data compromise.

Such a compromise of system integrity and data confidentiality could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system security.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-21837. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart