CVE-2026-4051
Undergoing Analysis Undergoing Analysis - In Progress
Remote Code Execution in IBM Engineering Lifecycle Management

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: IBM Corporation

Description
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-05-27
AI Q&A
2026-05-26
EPSS Evaluated
N/A
NVD
CVE-2026-4051
EUVD
EUVD-2026-31951
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ibm engineering_lifecycle_management to 7.0.3 (inc)
ibm engineering_lifecycle_management to 7.1.0 (inc)
ibm engineering_lifecycle_management to 7.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-749 The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

This vulnerability can have a significant impact as it allows an attacker with administrative privileges to execute arbitrary remote code on the affected system. This can lead to full compromise of the system, including unauthorized access, data manipulation, or disruption of services.

The CVSS v3.1 base score of 7.2 indicates a high severity level, reflecting the potential for serious consequences if exploited.


Can you explain this vulnerability to me?

CVE-2026-4051 is a Server Post-Authentication Remote Code Execution (RCE) vulnerability in IBM Engineering Lifecycle Management - Jazz Foundation. It occurs because an exposed method is not properly restricted, allowing an attacker with administrative privileges to execute remote code on the affected system.

This issue is classified under CWE-749 (Exposed Dangerous Method or Function) and affects versions 7.0.3 (up to Interim Fix 021), 7.1.0 (up to Interim Fix 009), and 7.2.0 (up to Interim Fix 001).


What immediate steps should I take to mitigate this vulnerability?

To mitigate the vulnerability CVE-2026-4051 in IBM Engineering Lifecycle Management, you should promptly apply the latest interim fixes provided by IBM.

  • Upgrade to iFix022 for version 7.0.3.
  • Upgrade to iFix010 for version 7.1.0.
  • Upgrade to iFix002 for version 7.2.0.

No workarounds are provided, so applying these fixes promptly is the recommended course of action.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart