CVE-2026-12084
Received
Received - Intake
Cross-Origin Resource Sharing (CORS) Vulnerability in IBM DevOps Deploy
Vulnerability report for CVE-2026-12084, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-30
Last updated on: 2026-06-30
Assigner: IBM Corporation
Description
Description
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | devops_deploy | From 8.1 (inc) to 8.1.2.6 (inc) |
| ibm | devops_deploy | From 8.2 (inc) to 8.2.1.0 (inc) |
| ibm | ibm_devops_deploy | From 8.1 (inc) to 8.1.2.6 (inc) |
| ibm | ibm_devops_deploy | From 8.2 (inc) to 8.2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |