What is GHSA-89jh-pgw9-qrmm?

GHSA-89jh-pgw9-qrmm is a security advisory published by GitHub Security Advisories with High severity. HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset...

Which CVE IDs does GHSA-89jh-pgw9-qrmm cover?

GHSA-89jh-pgw9-qrmm covers the following CVE IDs: CVE-2026-21837. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-89jh-pgw9-qrmm?

GHSA-89jh-pgw9-qrmm has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-89jh-pgw9-qrmmHighCVSS 8.8

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset...

Vendor

GitHub Security Advisories

Published

June 5, 2026

Last Modified

June 10, 2026

🔗 CVE IDs covered (1)

CVE-2026-21837 →

📋 Description

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-21837
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849
https://github.com/advisories/GHSA-89jh-pgw9-qrmm