CVE Catalog

CVE-2026-21826

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

Risk Assessment

Manipulating the Host header may allow an attacker to take control of the application or mislead users, posing a serious security threat to the organization.

Recommendation

It is recommended to monitor and validate HTTP headers, as well as update the software to the latest version to minimize the risk associated with this vulnerability.

Original NVD description (English source)

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS