CVE Catalog
CVE-2026-21768
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk0.11%
2th percentile — higher than 2% of all known CVEs
Summary
The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android fails to properly validate all HTML input, potentially allowing malicious content to be executed in certain situations.
Risk Assessment
Improper input validation may allow attackers to inject malicious code, posing a risk to user security and data.
Recommendation
It is recommended to update the compose-rich-editor library to the latest version that improves HTML input validation.
Original NVD description (English source)
The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

