EUVD-2026-9314

🗓️ 03 Mar 2026 19:38:30Reported by EUVDType

IBM webMethods API Gateway on-prem 10.11–11.1 permits file read via file:// in /createapi url parameter.

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read (CVE-2026-2606)	10 Apr 202620:00	–	ibm
ATTACKERKB	CVE-2026-2606	3 Mar 202619:38	–	attackerkb
CNNVD	IBM webMethods API Gateway 路径遍历漏洞	3 Mar 202600:00	–	cnnvd
CVE	CVE-2026-2606	3 Mar 202619:38	–	cve
Cvelist	CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read	3 Mar 202619:38	–	cvelist
NVD	CVE-2026-2606	3 Mar 202620:16	–	nvd
Positive Technologies	PT-2026-22805	3 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2606	4 Mar 202619:45	–	redhatcve
Vulnrichment	CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read	3 Mar 202619:38	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "2c1147b3-8efe-3749-b997-9fee3cdcbb48",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1a0efad9-f4f2-3288-8513-2c43b1b7017f",
        "product": {
          "name": "webMethods API Gateway (on-prem)"
        },
        "product_version": "10.15 ≤10.15_Fix27"
      },
      {
        "id": "89b9afdc-4bad-3377-94ef-518e4f33d8ab",
        "product": {
          "name": "webMethods API Gateway (on-prem)"
        },
        "product_version": "11.1 ≤11.1_Fix7"
      },
      {
        "id": "8cebb1e9-1aef-357c-ac9f-49ad796423ce",
        "product": {
          "name": "webMethods API Gateway (on-prem)"
        },
        "product_version": "10.11 ≤10.11_Fix32"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7261122

03 Mar 2026 19:38Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.00068