Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules axios, protobufjs, fast-xml-parser, follow-redirects, brace-expansion,...

CVE-2026-41650 vulnerabilities

Vulnerabilities for packages: tileserver-gl-fips, opensearch-dashboards-fips, librechat, kibana, langfuse, tileserver-gl, prism, langfuse-fips, renovate, saf, opensearch-dashboards, kubeflow-pipelines...

0xuath-sdk-react (>=0.0.2 <=0.0.23), 1-test-gulp-1 (>=0.0.1 <=0.0.4) +17798 more potentially affected by CVE-2026-41650 via fast-xml-parser (>=2.3.1 <=5.6.0)

fast-xml-parser NPM version =2.3.1, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.0.10, =3.1.4, =3.1.6, =0.1.0, =0.0.2, =4.11.2, =2.0.0, =2.6.6 and more Source cves: CVE-2026-41650 Source advisory: OSV:GHSA-GH4J-GQV2-49F6...

CVE-2026-41650

creationtimestamp| type| source ---|---|--- 2026-04-18 02:46:45+00:00| published-proof-of-concept| https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6 2026-05-07 17:49:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlbro3vgly2k...

@activepieces/piece-amazon-textract (>=0.2.0 <=0.3.0), @activepieces/piece-salesforce (=0.7.2) +4 more potentially affected by CVE-2026-41650 +1 more via fast-xml-builder (>=1.1.1 <=1.1.4)

fast-xml-builder NPM version =1.1.1, =0.2.0, =0.2.1, =0.0.4, =10.4.0, =10.5.0 Source cves: CVE-2026-41650, CVE-2026-44664 Source advisory: SNYK:JS-FASTXMLBUILDER-16133760...