Cross-Site Scripting Vulnerability in HCL Connections Software
CVE-2026-21788

5.4MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Connections
Vendor: CVE Published:; 19 March 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2026-21788?

HCL Connections features a cross-site scripting vulnerability that can be exploited by an attacker to inject and execute arbitrary script code in the browser of an unsuspecting user. This exploitation may lead to the theft of cookie-based authentication credentials, compromising user accounts and potentially enabling further malicious attacks. Users are urged to apply the latest updates to protect their systems from these types of security threats.

Affected Version(s)

Connections 8

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21788 Data

JSON