CVE-2026-21768

hcl · verse for android

HCL Verse for Android is susceptible to an injection vulnerability

Description

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Affected Products

Vendor	Product	Versions
hcl	verse for android	14.5.10

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130866

Related News (1 articles)

Tier C

VulDB10d ago

CVE-2026-21768 | HCL Verse 14.5.10 on Android input validation (KB0130866)

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-20, CWE-79

PublishedJun 19, 2026

Last enriched9d agov2

Trending Score8

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHPRE-CVE

Multiple vulnerabilities in HCL BigFix Compliance (Ruby) allowing code execution, security bypass, data manipulation, information disclosure, and denial of service

Trending: 27

MEDIUMCVE-2026-56457

HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information

Trending: 23

HIGHCVE-2023-37524

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service

Trending: 22

CRITICALCVE-2025-15619EXP

HCL Connections is vulnerable to broken access control

Trending: 21

MEDIUMCVE-2025-59868

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure

Trending: 15

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 19, 2026

Discovered by ZDM

Jun 19, 2026

Updated: description

Jun 19, 2026

Version History

Last enriched 9d ago

v2Tier C9d ago

Updated description with more technical detail and corrected exploit availability status.

description

via VulDB

v110d ago

Initial creation