CVE-2026-15322
Received
Received - Intake
Session Token Exposure in IBM Engineering AI Hub
Vulnerability report for CVE-2026-15322, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: IBM Corporation
Description
Description
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | engineering_ai_hub | 1.0.0 |
| ibm | engineering_ai_hub | 1.1.0 |
| ibm | engineering_ai_hub | 1.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |