Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)

Summary IBM Rational Developer for i is affected by an uncontrolled resource consumption vulnerability in Bcpg CVE-2026-3505, a broken or risky cryptographic vulnerability in Bcprov CVE-2025-14813, an LDAP injection vulnerability in Bcprov CVE-2026-0636, a covert timing channel vulnerability in...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672

Summary IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33671...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch (CVE-2026-33671, CVE-2026-33672)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch CVE-2026-33671, CVE-2026-33672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written...

Linux Distros Unpatched Vulnerability : CVE-2026-33671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when...

CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +575 more potentially affected by CVE-2026-33672 via picomatch (>=1.2.0 <=2.3.1)

picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33672 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33672 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +573 more potentially affected by CVE-2026-33671 via picomatch (>=2.1.1 <=2.3.1)

picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...

GHSA-C2C7-RCM5-VVQJ Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +1068 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.17, =0.0.47, =0.0.1, =1.0.0, =1.0.0, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =14.0.0-next.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...