CVE-2026-21837
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk34th percentile - higher than 34% of all known CVEs
Summary
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
Risk Assessment
This vulnerability poses a significant risk to organizations, allowing attackers to gain control over the system and access sensitive data.
Recommendation
It is recommended to immediately update HCL Digital Experience to the latest version to mitigate this vulnerability and conduct a security audit of the system.
Original NVD description (English source)
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

