CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

IBM security advisory (AV26-617)

critical
Serial number: AV26-617 Date: June 22, 2026 Between June 15 and 21, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Content-Aware Storage - versions 1.0.0 to 1.1.3 DataStage on Cloud Pak for Data - versions prior to 5.3.1.0 Decision Optimization for Cloud Pak for Data - versions 5.0 to 5.3.1 - Patch 4 releases Host On-Demand (HOD) - versions 16.0 to 16.0.1, versions 15.0 to 15.0.4 IBM ApplinX - versions prior to 11.1 and 12.1 IBM Cloud Pak for Data System (CPDS) - versions 1.0.0.0 to 1.0.10.0 IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data - multiple versions IBM Engineering Lifecycle Management on Hybrid Cloud - versions 1.0.0 to 1.3.0 IBM Enterprise Build of Quarkus - versions 3.27.1 to 3.27.4, versions 3.33.1 to 3.33.2 IBM EntireX - versions prior to 11.1 IBM Fusion HCI - versions 2.10.0 to 2.12.1 IBM Fusion - versions 2.9.0 to 2.12.1 IBM Guardium Key Lifecycle Manager (SKLM/GKLM) - versions prior to 4.1 IBM HTTP Server - versions prior to 9.0 and 8.5 IBM MQ Operator - multiple versions IBM Netezza Software - versions prior to 11.3.0.3-IF2 IBM Operational Decision Manager - multiple versions IBM Planning Analytics Local - versions 2.1.0 to 2.1.20 IBM Robotic Process Automation for Cloud Pak - multiple versions IBM Security QRadar Log Management AQL Plugin - versions 1.0.0 to 1.1.5 IBM Sterling Connect:Direct Web Services - versions 6.3.0 to 6.3.0.18 IBM Sterling Connect:Direct Web Services - versions 6.4.0 to 6.4.0.7 IBM Tivoli Netcool Configuration Manager - versions 6.4.2 GA to 6.4.2.24 IBM Watson Speech Services Cartridge - versions 4.0.0 to 5.3.1 IBM supplied MQ Advanced container images - multiple versions IBM webMethods BPM - versions prior to 12.1 and 11.1 ICP - Discovery - versions 5.0.0 to 5.3.1 Langflow OSS - versions 1.0.0 to 1.9.3 MongoDB Enterprise Advanced with IBM - versions Ops-Manager 8.0.0 to 8.0.21 MongoDB Enterprise Advanced with IB

CSIRTS triage

What
Critical updates were published to address vulnerabilities in multiple IBM products.
Who is affected
Users of the affected IBM products are at risk.
Urgency
Remediation is critical due to the severity of the vulnerabilities.
Action
Users should apply the necessary updates immediately.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Content-Aware Storage, DataStage, Decision Optimization, Host On-Demand, ApplinX, Cloud Pak for Data System

Get an email when a new Content-Aware Storage, DataStage, Decision Optimization, Host On-Demand, ApplinX, Cloud Pak for Data System advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-06-22
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/ibm-security-advisory-av26-617

More from Canadian Centre for Cyber Security