CVE-2026-12085
Received
Received - Intake
IBM UrbanCode Deploy Sensitive Data Exposure
Vulnerability report for CVE-2026-12085, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-30
Last updated on: 2026-06-30
Assigner: IBM Corporation
Description
Description
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | urbancode_deploy | From 7.3 (inc) to 7.3.2.18 (inc) |
| ibm | urban_code_deploy | From 7.3 (inc) to 7.3.2.18 (inc) |
| ibm | devops_deploy | From 8.0 (inc) to 8.0.1.13 (inc) |
| ibm | devops_deploy | From 8.1 (inc) to 8.1.2.6 (inc) |
| ibm | devops_deploy | From 8.2 (inc) to 8.2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |