CVE-2026-12086
Received
Received - Intake
IBM UrbanCode Deploy Log File Information Disclosure
Vulnerability report for CVE-2026-12086, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-30
Last updated on: 2026-06-30
Assigner: IBM Corporation
Description
Description
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | urbancode_deploy | From 7.2 (inc) to 7.2.3.23 (inc) |
| ibm | urbancode_deploy | From 7.3 (inc) to 7.3.2.18 (inc) |
| ibm | urban_code_deploy | From 7.2 (inc) to 7.2.3.23 (inc) |
| ibm | urban_code_deploy | From 7.3 (inc) to 7.3.2.18 (inc) |
| ibm | devops_deploy | From 8.0 (inc) to 8.0.1.13 (inc) |
| ibm | devops_deploy | From 8.1 (inc) to 8.1.2.6 (inc) |
| ibm | devops_deploy | From 8.2 (inc) to 8.2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |