7 matches found
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-27601)
Summary: IBM Security SOAR uses an older version of the Underscore.js component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2. Vulnerability Details: CVEID: CVE-2026-27601 DESCRIPTION:...
jupyter-nbclassic-1.3.3-1.1 on GA media (moderate)
jupyter-nbclassic-1.3.3-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10440-1. Rating: moderate. Cross-References: CVE-2026-27601. CVSS scores: CVE-2026-27601 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2026-27601 (SUSE): 6.3...
jupyter-matplotlib-0.11.7-17.1 on GA media (moderate)
jupyter-matplotlib-0.11.7-17.1 on GA media. Announcement ID: openSUSE-SU-2026:10427-1. Rating: moderate. Cross-References: CVE-2026-27601. CVSS scores: CVE-2026-27601 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2026-27601 (SUSE): 6.3...
OESA-2026-1579 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects (each, map, reduce, filter...) without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the _.flatten...
OESA-2026-1578 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects (each, map, reduce, filter...) without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the _.flatten...
AZL-79343 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...
org.openprovenance.prov:service-templates (>=2.0.6 <=2.1.0), org.webjars.npm:httpntlm (=1.7.7) potentially affected by CVE-2026-27601 via org.webjars.npm:underscore (>=1.12.1 <=1.13.6)
org.webjars.npm:underscore MAVEN version =1.12.1, =2.0.6, =2.1.0 - org.webjars.npm:httpntlm =1.7.7 Source cves: CVE-2026-27601 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15369787...