CVE Catalog

CVE-2026-21837

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

34th percentile - higher than 34% of all known CVEs

Summary

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

Risk Assessment

This vulnerability poses a significant risk to organizations, allowing attackers to gain control over the system and access sensitive data.

Recommendation

It is recommended to immediately update HCL Digital Experience to the latest version to mitigate this vulnerability and conduct a security audit of the system.

Original NVD description (English source)

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS