Multiple vulnerabilities in IBM products (July 3, 2026)
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and a remote denial of service.
CSIRTS triage
- What
- Multiple vulnerabilities can allow remote arbitrary code execution, privilege escalation, and remote denial of service.
- Who is affected
- Users of IBM products.
- Urgency
- Remediation urgency is unclear but should be prioritized due to potential impacts.
- Action
- Monitor for updates from IBM regarding these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch null
Get an email when a new null advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0834/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-506450.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-420410.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2026-398920.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2024-75310.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
- Moderate exploitation riskCVE-2021-35721.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 74% of all scored CVEs.
- Low exploitation riskCVE-2026-444320.68% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2025-146880.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Moderate exploitation riskCVE-2024-120861.8% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 75% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] Red Hat OpenShift Container Platform: Vulnerability allows Denial of Servicecert-bund
- high[UPDATE] [high] Red Hat Enterprise Linux and Satellite (satellite/iop-remediations-rhel9 container image): Mul…cert-bund
- low[UPDATE] [low] Python (CPython Zipfile Module): Vulnerability allows file manipulationcert-bund
- low[UPDATE] [low] Python: Vulnerability allows information disclosurecert-bund
- medium[UPDATE] [medium] Red Hat Ansible Automation Platform: Multiple vulnerabilitiescert-bund
- medium[UPDATE] [medium] Apache CXF: Multiple vulnerabilitiescert-bund
- unknownMultiple vulnerabilities in IBM products (July 10, 2026)cert-fr-avis
- high[NEW] [high] IBM Operational Decision Manager: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira and Jira Service Management: …cert-bund
- high[NEW] [high] Dell PowerProtect Data Domain: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Kiali for Red Hat OpenShift Service Mesh (Axios, Go, Follow-redirects): Multiple vulnerabiliti…cert-bund
- high[UPDATE] [high] Atlassian products (Bamboo, Bitbucket, Confluence, Crucible, Fisheye, and Jira): Multiple vuln…cert-bund
Recent advisories for IBM products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownMultiple vulnerabilities in IBM products (July 10, 2026)cert-fr-avis · 2026-07-10
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-07-02
- unknownMultiple vulnerabilities in IBM products (June 26, 2026)cert-fr-avis · 2026-06-26
- unknownIBM WebSphere Products Multiple Vulnerabilitieshkcert · 2026-06-24
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10