CVE-2026-21837
Last modified
CVE-2026-21837 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.. EPSS estimates a 0.92% chance of exploitation in the next 30 days.
Description
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hcltech | Digital Experience | 9.5 |
| Hcltech | Digital Experience Compose | 9.5 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-21837?
How severe is CVE-2026-21837?
How do I fix CVE-2026-21837?
Are you affected by CVE-2026-21837?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST