Hcltech Digital Experience Compose — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Digital Experience Compose, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-21837 — CVSS 8.8 (high): HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute…
CVE-2026-21825 — CVSS 6.1 (medium): HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could…
CVE-2026-21826 — CVSS 6.1 (medium): HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the…