CVE-2026-21768

MEDIUM EPSS 1.6%
Published Jun 19, 20262w ago · Modified Jun 22, 20261w ago
6.3 CVSS 3.1
Medium
Find Similar
Published Jun 19, 2026 2w ago
Last Modified Jun 22, 2026 1w ago

Description

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

CVSS Details

Base Score
6.3
Exploitability
1.0
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation
CWE-79 Cross-site Scripting Injection

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.