6.1

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HcltechDigital Experience Compose Version9.5 Update-
HcltechDigital Experience Compose Version9.5 Updatecf224
HcltechDigital Experience Compose Version9.5 Updatecf225
HcltechDigital Experience Compose Version9.5 Updatecf226
HcltechDigital Experience Compose Version9.5 Updatecf227
HcltechDigital Experience Compose Version9.5 Updatecf228
HcltechDigital Experience Compose Version9.5 Updatecf229
HcltechDigital Experience Compose Version9.5 Updatecf230
HcltechDigital Experience Compose Version9.5 Updatecf231
HcltechDigital Experience Compose Version9.5 Updatecf232
HcltechDigital Experience Compose Version9.5 Updatecf233
HcltechDigital Experience Compose Version9.5 Updatecf234
HcltechDigital Experience Version9.5 Update-
HcltechDigital Experience Version9.5 Updatecf17
HcltechDigital Experience Version9.5 Updatecf171
HcltechDigital Experience Version9.5 Updatecf172
HcltechDigital Experience Version9.5 Updatecf173
HcltechDigital Experience Version9.5 Updatecf18
HcltechDigital Experience Version9.5 Updatecf181
HcltechDigital Experience Version9.5 Updatecf182
HcltechDigital Experience Version9.5 Updatecf183
HcltechDigital Experience Version9.5 Updatecf184
HcltechDigital Experience Version9.5 Updatecf19
HcltechDigital Experience Version9.5 Updatecf191
HcltechDigital Experience Version9.5 Updatecf192
HcltechDigital Experience Version9.5 Updatecf193
HcltechDigital Experience Version9.5 Updatecf194
HcltechDigital Experience Version9.5 Updatecf195
HcltechDigital Experience Version9.5 Updatecf196
HcltechDigital Experience Version9.5 Updatecf197
HcltechDigital Experience Version9.5 Updatecf198
HcltechDigital Experience Version9.5 Updatecf199
HcltechDigital Experience Version9.5 Updatecf200
HcltechDigital Experience Version9.5 Updatecf201
HcltechDigital Experience Version9.5 Updatecf202
HcltechDigital Experience Version9.5 Updatecf203
HcltechDigital Experience Version9.5 Updatecf204
HcltechDigital Experience Version9.5 Updatecf205
HcltechDigital Experience Version9.5 Updatecf206
HcltechDigital Experience Version9.5 Updatecf207
HcltechDigital Experience Version9.5 Updatecf208
HcltechDigital Experience Version9.5 Updatecf209
HcltechDigital Experience Version9.5 Updatecf210
HcltechDigital Experience Version9.5 Updatecf211
HcltechDigital Experience Version9.5 Updatecf212
HcltechDigital Experience Version9.5 Updatecf213
HcltechDigital Experience Version9.5 Updatecf214
HcltechDigital Experience Version9.5 Updatecf215
HcltechDigital Experience Version9.5 Updatecf216
HcltechDigital Experience Version9.5 Updatecf217
HcltechDigital Experience Version9.5 Updatecf218
HcltechDigital Experience Version9.5 Updatecf219
HcltechDigital Experience Version9.5 Updatecf220
HcltechDigital Experience Version9.5 Updatecf221
HcltechDigital Experience Version9.5 Updatecf222
HcltechDigital Experience Version9.5 Updatecf223
HcltechDigital Experience Version9.5 Updatecf224
HcltechDigital Experience Version9.5 Updatecf225
HcltechDigital Experience Version9.5 Updatecf226
HcltechDigital Experience Version9.5 Updatecf227
HcltechDigital Experience Version9.5 Updatecf228
HcltechDigital Experience Version9.5 Updatecf229
HcltechDigital Experience Version9.5 Updatecf230
HcltechDigital Experience Version9.5 Updatecf231
HcltechDigital Experience Version9.5 Updatecf232
HcltechDigital Experience Version9.5 Updatecf233
HcltechDigital Experience Version9.5 Updatecf234
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.04
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@hcl.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849
Vendor Advisory