Question 1

What is CVE-2026-21768 — CVE-2026-21768?

Accepted Answer

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Question 2

What is the authoritative source for CVE-2026-21768?

Accepted Answer

CVE-2026-21768 (CVE-2026-21768) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	6.3 ()
Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Last modified	2026-06-19

CVE-2026-21768CVE-2026-21768

Description

Scoring