CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

🗓️ 27 May 2026 12:20:42Reported by ibmType

CVE-2026-2607: IBM MQ Operator and Queue Manager container vulnerabilities expose logs to local users.

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability (CVE-2026-2607)	7 May 202618:06	–	ibm
CNNVD	IBM MQ Operator和IBM supplied MQ Advanced container images 日志信息泄露漏洞	27 May 202600:00	–	cnnvd
CVE	CVE-2026-2607	27 May 202612:20	–	cve
EUVD	EUVD-2026-32271	27 May 202615:33	–	euvd
Tenable Nessus	IBM MQ 9.2 < 9.2.0.42 LTS / 9.3 < 9.4.5.1 CD / 9.3 LTS / 9.4 < 9.4.0.21 LTS / 9.4.5.1 (7271936)	8 May 202600:00	–	nessus
NVD	CVE-2026-2607	27 May 202614:16	–	nvd
Positive Technologies	PT-2026-43697	27 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2607	29 May 202620:13	–	redhatcve
Vulnrichment	CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	27 May 202612:20	–	vulnrichment

[
  {
    "vendor": "IBM",
    "product": "MQ Operator",
    "versions": [
      {
        "status": "affected",
        "version": "SC2: v3.2.0",
        "lessThanOrEqual": "3.2.23CD:  v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29",
        "versionType": "semver"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:mq_operator:sc2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:mq_operator:3.2.23:cd:*:*:*:*:*:*:*"
    ]
  },
  {
    "vendor": "IBM",
    "product": "supplied MQ Advanced container images",
    "versions": [
      {
        "status": "affected",
        "version": "SC2: 9.4.0.6",
        "lessThanOrEqual": "r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2, 9.4.0.11-r1, 9.4.0.11-r2, 9.4.0.11-r3, 9.4.0.12-r1, 9.4.0.15-r1 - 9.4.0.15-r4, 9.4.0.16-r1, 9.4.0.16-r2, 9.4.0.17-r1, 9.4.0.17-r2, 9.4.0.20-r1CD: 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2, 9.4.2.1-r1, 9.4.2.1-r2, 9.4.3.0-r1, 9.4.3.0-r2, 9.4.3.1-r1 - 9.4.3.1-r3, 9.4.4.0-r1 - 9.4.4.0-r4, 9.4.4.1-r1, 9.4.5.0-r1, 9.4.5.0-r2LTS: 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2",
        "versionType": "semver"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:sc2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:supplied_mq_advanced_container_images:r1:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7273145

27 May 2026 12:20Current

CVSS 3.15.1

EPSS0.00131

CWE-532