CVE-2026-4051
Analyzed Analyzed - Analysis Complete
Remote Code Execution in IBM Engineering Lifecycle Management

Publication date: 2026-05-26

Last updated on: 2026-05-27

Assigner: IBM Corporation

Description
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4051
EUVD
EUVD-2026-31951
Affected Vendors & Products
Showing 33 associated CPEs
Vendor Product Version / Range
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.1.0
ibm engineering_lifecycle_management 7.2.0
ibm engineering_lifecycle_management 7.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-749 The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker with administrative privileges to execute remote code, which can lead to unauthorized access, data modification, or disruption of services. Such security breaches can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity.

Because the vulnerability involves high severity risks to confidentiality, integrity, and availability (as indicated by the CVSS score of 7.2 with high impact on C, I, and A), organizations using affected IBM Engineering Lifecycle Management versions may face increased risk of non-compliance if the vulnerability is exploited.

Applying the recommended fixes promptly is critical to mitigate these risks and maintain compliance with regulatory requirements.

Executive Summary

CVE-2026-4051 is a Server Post-Authentication Remote Code Execution (RCE) vulnerability in IBM Engineering Lifecycle Management - Jazz Foundation. It occurs because an exposed method is not properly restricted, allowing an attacker with administrative privileges to execute remote code on the affected system.

This issue is classified under CWE-749 (Exposed Dangerous Method or Function) and affects versions 7.0.3 (up to Interim Fix 021), 7.1.0 (up to Interim Fix 009), and 7.2.0 (up to Interim Fix 001).

Mitigation Strategies

To mitigate the vulnerability CVE-2026-4051 in IBM Engineering Lifecycle Management, you should promptly apply the latest interim fixes provided by IBM.

  • Upgrade to iFix022 for version 7.0.3.
  • Upgrade to iFix010 for version 7.1.0.
  • Upgrade to iFix002 for version 7.2.0.

No workarounds are provided, so applying these fixes promptly is the recommended course of action.

Impact Analysis

This vulnerability can have a significant impact as it allows an attacker with administrative privileges to execute arbitrary remote code on the affected system. This can lead to full compromise of the system, including unauthorized access, data manipulation, or disruption of services.

The CVSS v3.1 base score of 7.2 indicates a high severity level, reflecting the potential for serious consequences if exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart