Multiple vulnerabilities in IBM products (July 10, 2026)
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote denial of service, data confidentiality breaches, and server-side request forgery (SSRF).
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause remote denial of service, data confidentiality breaches, and server-side request forgery (SSRF).
- Who is affected
- Deployments of affected IBM products are affected.
- Urgency
- Remediation is urgent due to the potential for serious security issues including denial of service and data breaches.
- Action
- Update to the latest versions of affected IBM products.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0865/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-260070.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
- Low exploitation riskCVE-2026-506450.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-398920.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2026-115410.42% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2026-115460.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2026-340730.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2026-115940.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Red Hat Ansible Automation Platform: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Apache CXF: Multiple vulnerabilitiescert-bund
- high[NEW] [high] IBM Security Verify Access: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Red Hat Hardened Images RPMs: Multiple vulnerabilitiescert-bund
- medium[NEW] [medium] IBM WebSphere Application Server Liberty: Vulnerability allows denial of servicecert-bund
- unknownMultiple vulnerabilities in IBM products (July 3, 2026)cert-fr-avis
- high[UPDATE] [high] IBM WebSphere Application Server: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] IBM WebSphere Application Server and Application Server Liberty: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Red Hat Enterprise Linux (urllib3): Multiple vulnerabilities allow denial of servicecert-bund
- highCVE-2026-9563: In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did …nvd
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert
- high[NEW] [high] IBM WebSphere Application Server Liberty: Multiple vulnerabilitiescert-bund
Recent advisories for IBM products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMultiple vulnerabilities in IBM products (July 3, 2026)cert-fr-avis · 2026-07-03
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-07-02
- unknownMultiple vulnerabilities in IBM products (June 26, 2026)cert-fr-avis · 2026-06-26
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-06-24
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10