CVE-2026-21837
8.8 HIGHHCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API
Published: 2026-06-05 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-78
Affected products
| Vendor | Product |
|---|---|
| hcltech | digital_experience, digital_experience_compose |
Description
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-21826 — HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection (6.1 MEDIUM)
- CVE-2026-21825 — HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center (6.1 MEDIUM)
- CVE-2025-52612 — HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
- CVE-2025-52609 — HCL iControl was affected by Missing Security Headers vulnerability (3.7 LOW)
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-42563 — Dulwich is a pure-Python implementation of the Git file formats and protocols
- CVE-2026-0273 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrict...
- CVE-2026-6893 — A flaw was found in dracut (8.8 HIGH)
- CVE-2026-46643 — Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page