CVE Catalog

CVE-2026-21768

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android fails to properly validate all HTML input, potentially allowing malicious content to be executed in certain situations.

Risk Assessment

Improper input validation may allow attackers to inject malicious code, posing a risk to user security and data.

Recommendation

It is recommended to update the compose-rich-editor library to the latest version that improves HTML input validation.

Original NVD description (English source)

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS