Multiple vulnerabilities in IBM products (June 26, 2026)
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.
CSIRTS triage
- What
- Multiple vulnerabilities in IBM products can lead to remote code execution and privilege escalation.
- Who is affected
- Users of affected IBM products.
- Urgency
- Immediate action is required due to the severity of the vulnerabilities.
- Action
- Update IBM products to the latest versions to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0810/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-55880.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2025-363530.15% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2025-661990.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Moderate exploitation riskCVE-2026-338711.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 62% of all scored CVEs.
- Low exploitation riskCVE-2025-25340.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
- Low exploitation riskCVE-2026-420410.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2025-138670.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-424020.71% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 49% of all scored CVEs.
- Low exploitation riskCVE-2025-26680.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] Golang Go: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] cPython: Vulnerability allows Denial of Servicecert-bund
- medium[UPDATE] [medium] Netty: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Red Hat JBoss Enterprise Application Platform (bouncycastle): Vulnerability allows informati…cert-bund
- high[UPDATE] [high] Bouncy Castle BC-JAVA: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Apache log4j: Multiple vulnerabilities allow file manipulationcert-bund
- medium[UPDATE] [medium] Golang Go-Module (Net, Image, Crypto): Multiple Vulnerabilitiescert-bund
- unknownMultiple vulnerabilities in IBM products (July 10, 2026)cert-fr-avis
- high[NEW] [high] IBM Operational Decision Manager: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Oracle Java SE: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira and Jira Service Management: …cert-bund
- high[NEW] [high] Dell PowerProtect Data Domain: Multiple vulnerabilitiescert-bund
Recent advisories for IBM products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMultiple vulnerabilities in IBM products (July 10, 2026)cert-fr-avis · 2026-07-10
- unknownMultiple vulnerabilities in IBM products (July 3, 2026)cert-fr-avis · 2026-07-03
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-07-02
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-06-24
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10