CVE-2026-21826
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
Risk Assessment
Manipulating the Host header may allow an attacker to take control of the application or mislead users, posing a serious security threat to the organization.
Recommendation
It is recommended to monitor and validate HTTP headers, as well as update the software to the latest version to minimize the risk associated with this vulnerability.
Original NVD description (English source)
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

