Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.23 LTS and 13.1.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp, denial of service CVE-2026-33151, CVE-2026-32288 and cross-site scripting CVE-2026-27142. This bulletin...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationRuntime & IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-27137) and denial of service (CVE-2026-27138)

Summary IBM App Connect Enterprise Certified Container operator and IntegrationRuntime & IntegrationServer operands are vulnerable to loss of confidentiality CVE-2026-27137 and denial of service CVE-2026-27138. This bulletin provides patch information to address the reported vulnerability in Gola...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-64718)

Summary Node.js module js-yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to cross-site scripting (CVE-2026-25896)

Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in Node.js module...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution (CVE-2026-27212)

Summary Node.js module swipper is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.21 LTS and 12.21.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to relative path traversal (CVE-2025-22873)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to relative path traversal due to use of Golang module "os". This bulletin provides patch information to address the reported vulnerability in Golang module "os" CVE-2025-22873 Vulnerability Details...

CVE-2025-13491

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.20 LTS and 12.20.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

PT-2026-6556

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise Certified Container versions up to 12.19.0 Continuous Delivery IBM App Connect Enterprise Certified Container version 12.0 LTS Long Term Support Description The software may allow an attacker to access sensitive file...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-64118]

Summary Node.js module tar is used by IBM App Connect Enterprise Certified Container for handling archives files and data. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-48924]

Summary Apache Commons Lang is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container operator and DesignerAuthoring operands are vulnerable to loss of integrity [CVE-2025-47907]

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring operands are vulnerable to loss of integrity due to a vulnerability in the Golang module database/sql. This bulletin provides patch information to address the reported vulnerability in database/sql. CVE-2025-479...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality [CVE-2025-1993]

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. This bulletin provides patch information to address the vulnerability in I...