CVE-2026-7253
Awaiting Analysis Awaiting Analysis - Queue
SSRF Vulnerability in IBM Watson Speech Services Cartridge

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: IBM Corporation

Description
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-7253
EUVD
EUVD-2026-38266
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
ibm sterling_file_gateway From 4.0.0 (inc) to 5.4 (exc)
ibm watson_speech_services_cartridge From 4.0.0 (inc) to 5.4 (exc)
ibm watson_speech_services_cartridge to 5.3.1 (inc)
ibm watson_speech_services_cartridge 5.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

IBM Watson Speech Services Cartridge, used in Sterling File Gateway, is vulnerable to Server-Side Request Forgery (SSRF) due to a flaw that allows authenticated attackers to send unauthorized requests from the system.

This vulnerability enables attackers to potentially perform network enumeration or assist in other attacks by exploiting the system to send requests it should not authorize.

Impact Analysis

The vulnerability could allow an authenticated attacker to send unauthorized requests from the affected system.

This may lead to network enumeration, which can expose internal network details, or facilitate other attacks that leverage the system's ability to make unauthorized requests.

Mitigation Strategies

To mitigate the CVE-2026-7253 vulnerability in IBM Watson Speech Services Cartridge used in Sterling File Gateway, you should upgrade to version 5.4 or apply Patch 7 to version 5.3.1 of the cartridge.

No workarounds are provided, so applying the recommended updates is the immediate and effective step to reduce the risk of exploitation.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart