CVE-2026-12086
Received Received - Intake

IBM UrbanCode Deploy Log File Information Disclosure

Vulnerability report for CVE-2026-12086, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: IBM Corporation

Description

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-07-01
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
ibm urbancode_deploy From 7.2 (inc) to 7.2.3.23 (inc)
ibm urbancode_deploy From 7.3 (inc) to 7.3.2.18 (inc)
ibm urban_code_deploy From 7.2 (inc) to 7.2.3.23 (inc)
ibm urban_code_deploy From 7.3 (inc) to 7.3.2.18 (inc)
ibm devops_deploy From 8.0 (inc) to 8.0.1.13 (inc)
ibm devops_deploy From 8.1 (inc) to 8.1.2.6 (inc)
ibm devops_deploy From 8.2 (inc) to 8.2.1.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-12086 is a vulnerability in IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy where sensitive information may be inserted into log files during installation.

These log files could then be accessed by a local user, potentially exposing sensitive data.

Affected versions include UCD 7.2 through 7.2.3.23, 7.3 through 7.3.2.18, and IBM DevOps Deploy versions 8.0 through 8.2.1.0.

Compliance Impact

The vulnerability involves the storage of potentially sensitive information in log files that could be accessed by a local user. This exposure of sensitive data could impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require the protection of sensitive information from unauthorized access.

However, the provided information does not explicitly describe the specific effects on compliance with these standards or regulations.

Impact Analysis

This vulnerability can lead to unauthorized local users accessing sensitive information stored in log files.

Since the sensitive data is logged during installation, exposure could compromise confidentiality.

The CVSS base score of 6.2 indicates a moderate severity impact, primarily affecting confidentiality without impacting integrity or availability.

Mitigation Strategies

To mitigate this vulnerability, IBM recommends upgrading affected IBM UrbanCode Deploy and IBM DevOps Deploy versions to the following fixed versions or later:

  • Upgrade IBM UrbanCode Deploy to version 7.2.3.24 or later.
  • Upgrade IBM UrbanCode Deploy to version 7.3.2.19 or later.
  • Upgrade IBM DevOps Deploy to version 8.0.1.14 or later.
  • Upgrade IBM DevOps Deploy to version 8.1.2.7 or later.
  • Upgrade IBM DevOps Deploy to version 8.2.2.0 or later.

No workarounds are provided for this vulnerability, so upgrading is the primary remediation step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12086. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart