Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...

Security Bulletin: Security vulnerability was found in IBM WebSphere Application Server provided with IBM Security Verify Directory (CVE-2025-7962)

Summary Security vulnerability was addressed in WebSphere Application Server provided with IBM Security Verify Directory Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate...

Security Bulletin: Security vulnerability was found in IBM Security Directory Integrator (CVE-2024-28765)

Summary Security vulnerability has been addressed in the IBM Security Directory Integrator Vulnerability Details CVEID:CVE-2024-28765 DESCRIPTION: IBM Security Directory Integrator could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library

Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the lodash JavaScript library

Summary Due to use of the lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution...

Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site scripting and arbitrary code execution

Summary IBM Tivoli Application Dependency Discovery Manager bundles WebSphere Application Server Liberty, vulnerabilities have been remediated in an efix Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

Security Bulletin: Certificate Name Constraints Bypass via Wildcard SANs affects watsonx.data

Summary Improper enforcement of certificate name constraints allows wildcard SANs e.g., .example.com to bypass excluded subdomain restrictions e.g., test.example.com, potentially enabling unauthorized certificate usage.This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-61727...

Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data

Summary Expr prior to v1.17.7 is vulnerable to a Denial-of-Service DoS due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...

Security Bulletin: Fulcio OIDC Token Parsing DoS Vulnerability in extractIssuerURL affects watsonx.data

Summary ulcio prior to 1.8.3 is vulnerable to a Denial-of-Service DoS issue where malicious OIDC tokens containing excessive period characters can trigger high memory allocation during parsing. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-66506 DESCRIPTION: Fulcio is a...

Security Bulletin: jose4j JWE Decompression DoS Vulnerability (Fixed in 0.9.6), affects watsonx.data

Summary n jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time...

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary The MCP Python SDK mcp prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

Security Bulletin: LangChain Serialization Injection Vulnerability in dumps()/dumpd() (Fixed in 0.3.81 / 1.2.5) affects watsonx.data

Summary A serialization injection vulnerability in LangChain's dumps and dumpd functions pre-0.3.81 / 1.2.5 allows user-controlled data with 'lc' keys to be deserialized as objects. This issue is fixed in versions 0.3.81 and 1.2.5. This can affect watsonx.data. Vulnerability Details...

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in OWASP Java HTML Sanitizer via HtmlPolicyBuilder noscript/style Tags (v20240325.1), affects watsonx.data

Summary A vulnerability in OWASP Java HTML Sanitizer v20240325.1 allows Cross-Site Scripting XSS when HtmlPolicyBuilder permits noscript or style tags with allowTextIn. Unsanitized CSS or unexpected tags can be exploited by attackers. No patch is available at the time of this publication. This ca...

Security Bulletin: Session Cookie Exposure via Improper Cache Handling in Flask (≤ v2.3.1, ≤ v2.2.4), affects watsonx.data

Summary A vulnerability in Flask ≤ v2.3.1, ≤ v2.2.4 can cause session cookies to be exposed when responses are cached by a proxy. This occurs if sessions are permanent but not accessed during a request, combined with default cache settings. The issue is fixed in versions 2.3.2 and 2.2.5. This can...

Security Bulletin: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) and an 'Injection' vulnerability (CVE-2026-27727).

Summary Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 and an Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'...

Security Bulletin: Log Injection Vulnerability in orydolphin/flask-cors (Debug Logging) affects watsonx.data

Summary A vulnerability in orydolphin/flask-cors allows attackers to inject malicious log entries when debug logging is enabled. By sending specially crafted requests containing CRLF sequences, an attacker can corrupt or forge log entries, potentially obscuring other attacks or disrupting log...

Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data

Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...

Security Bulletin: Dynamic XSS Vulnerability in GraphiQL via Malicious Schema Introspection Responses (Pre-v1.4.7) watsonx.data

Summary All versions of GraphiQL before 1.4.7 are vulnerable to a dynamic XSS flaw triggered by malicious schema introspection responses or crafted type names, potentially allowing code injection during autocomplete—especially in custom setups where the schema endpoint can be user-controlled. Thi...

Security Bulletin: High Resource Consumption Vulnerability in urllib3 Streaming API Due to Improper Handling of Highly Compressed Data (≤ v2.6.0) affects watsonx.data

Summary A vulnerability in the urllib3 Streaming API versions 1.0 through 2.6.0 allows highly compressed HTTP responses to be decompressed in a way that can consume excessive system resources. When processing compressed data e.g., gzip or brotli, the library may fully decompress a small input int...

Security Bulletin: Signature Verification Bypass Vulnerability in auth0/node-jws (HS256, ≤ v3.2.2 & v4.0.0) affects watsonx.data

Summary A vulnerability in auth0/node-jws allows attackers to bypass signature verification when using the HS256 algorithm under certain conditions. The issue occurs when applications rely on user-controlled data for HMAC secret lookup during verification. This can affect watsonx.data...

Security Bulletin: Cookie Parsing Vulnerability in Werkzeug Allows Subdomain Cookie Injection (≤ v2.2.2), affects watsonx.data

Summary A vulnerability in Werkzeug prior to v2.2.3 allows malicious subdomains to inject crafted "nameless" cookies that are incorrectly parsed as valid cookies. This can cause applications to accept attacker-controlled values, potentially leading to security issues. This can affect watsonx.data...

Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data

Summary A vulnerability in TensorFlow Keras v2.13 allows malicious .keras model files to trigger arbitrary local file reads, Server-Side Request Forgery SSRF, and potential code execution during model loading—even when safemode=True is enabled. The issue arises from improper handling of external...

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in Jinja via xmlattr Filter Attribute Injection affects watsonx.data

Summary A vulnerability in Jinja allows attackers to inject arbitrary HTML attributes through the xmlattr filter, potentially bypassing escaping and validation mechanisms. This can lead to Cross-Site Scripting XSS in affected applications. This can affect watsonx.data. Vulnerability Details...

Security Bulletin: Denial-of-Service Vulnerability in WebAssembly Micro Runtime (WAMR) LLVM-JIT Mode (≤ v2.4.1) affects watsonx.data

Summary A vulnerability in WebAssembly Micro Runtime WAMR prior to v2.4.2 causes the runtime to hang or crash when executing WebAssembly programs with memory.fill instructions targeting addresses ≥ 2 GiB in LLVM-JIT mode. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-58749...

Security Bulletin: Local Out-of-Bounds Write Vulnerability in mruby ary_fill_exec Function (v3.4.0), affects watsonx.data

Summary A local vulnerability in mruby v3.4.0 allows out-of-bounds writes via the aryfillexec function when manipulating the start or length arguments. Exploits are publicly available, and applying the patch 93619f06dd378db6766666b30c08978311c7ec94 is recommended. This can affect watsonx.data...

Security Bulletin: Vulnerability in golang.org/x/crypto bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage include golang.org/x/crypto which could cause early termination of client process. CVE-2025-47913. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response...

Security Bulletin: Certificate Name Constraints Algorithm Vulnerable to Non-Linear Processing DoS affects watsonx.data

Summary A flaw in the certificate name constraints checking algorithm can lead to non-linear processing time, allowing specially crafted certificate chains to cause excessive resource consumption and potential Denial-of-Service DoS. This can affect watsonx.data. Vulnerability Details...

Security Bulletin: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (ZDI-CAN-21876), affects watsonx.data

Summary Ruby WEBrick is vulnerable to HTTP request smuggling via the readheader method due to inconsistent parsing of HTTP header terminators. Exploitation is possible when deployed behind certain HTTP proxies, allowing attackers to smuggle arbitrary HTTP requests. This can affect watsonx.data...

Security Bulletin: Highlight.js Prototype Pollution Vulnerability in Code Block Parsing, affects watsonx.data

Summary Highlight.js versions prior to 9.18.2 and 10.1.2 are vulnerable to prototype pollution via malicious HTML in user-supplied code blocks. This can cause unexpected application behavior or crashes, representing a potential DoS vector. This can affect watsonx.data. Vulnerability Details...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access OIDC Provider

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking...

Security Bulletin: Vulnerabilities in Glob might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Glob. The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names as described by the CVEs in the...

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any proje...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary The affects the Universal Serial Bus USB ports of the system's management interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzz...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary This affects the system management Universal Serial Bus USB interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that...

Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability

Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address multiple vulnerabilities CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.22 LTS and 13.0.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal (CVE-2026-29087) and timing oracle attacks (GHSA-gq3j-xvxp-8hrf)

Summary Node.js module hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal CVE-2026-29087 and timing oracle attacks GHSA-gq3j-xvxp-8hrf. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-30922)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python module pyasn1 CVE-2026-30922 Vulnerability Details...

Security Bulletin: IBM App Connect Enterprise Certified Container operator is vulnerable to denial of service (CVE-2026-25518)

Summary Golang module cert-manager/cert-manager is used by IBM App Connect Enterprise Certified Container for interacting with the Kubernetes cluster cert-manager. IBM App Connect Enterprise Certified Container operator is vulnerable to denial of service. This bulletin provides patch information ...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting (CVE-2025-15599, CVE-2026-0540) and loss of confidentiality (CVE-2025-68470, CVE-2026-22029)

Summary Node.js modules DomPurify and React Router are used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting CVE-2025-15599, CVE-2026-0540 and loss of confidentiality CVE-2025-68470,...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality (CVE-2026-27959)

Summary Node.js module Koa is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Node.js modu...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to vulnerabilities in Node.js dependencies

Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules ajv CVE-2025-69873, axios...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-64718)

Summary Node.js module js-yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: DevOps Test Performance contains a vulnerabilty related to use of the qs library

Summary Due to the use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential denial-of-service vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the DOMPurify library

Summary Due to the use of the DOMPurify library, DevOps Test Performance and Rational Performance Tester contain a cross-site scripting XSS vulnerability CVE-2025-15599, CVE-2026-0540 Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the @appium/support package

Summary Due to the use of the @appium/support package, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability CVE-2026-30973, Vulnerability Details CVEID:CVE-2026-30973 DESCRIPTION: Appium is an automation framework that provides WebDriver-based...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a prototype pollution vulnerability in the immutable library with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1,...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a prototype pollution vulnerability in the immutable library with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1,...