CVE-2026-15995
Received Received - Intake

Race Condition in IBM Cognos Analytics 12.1.3

Vulnerability report for CVE-2026-15995, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an attacker to obtain incorrect report summary results or cause report-processing failures due to a race condition in the Agentic AI assistant's concurrent request-handling logic when multiple authenticated users submit report-related tasks simultaneously.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm cognos_analytics to 12.1.3-2606251736 (inc)
ibm cognos_analytics to 12.1.3-2607110822 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in IBM Cognos Analytics 12.1.3 where the Agentic AI assistant mishandles concurrent requests from multiple authenticated users. This can lead to incorrect report summaries or report-processing failures due to improper synchronization in handling simultaneous tasks.

Detection Guidance

Detecting this vulnerability requires checking the IBM Cognos Analytics version and build number. Compare your installed version against the patched build 12.1.3-2607110822. Use the IBM Cognos Analytics interface or logs to verify if concurrent report requests by multiple users cause incorrect summaries or processing errors.

Impact Analysis

The vulnerability may cause users to receive incorrect report results or encounter errors when multiple users submit the same report-related tasks simultaneously. This could disrupt workflows and reduce trust in report accuracy.

Compliance Impact

The vulnerability may lead to incorrect report summaries or processing errors due to a race condition in concurrent request handling. This could result in unauthorized data exposure or integrity issues, potentially violating GDPR's accuracy principle or HIPAA's integrity requirements if sensitive data is involved.

Mitigation Strategies

Immediately update IBM Cognos Analytics to the patched build 12.1.3-2607110822 released on July 16, 2026. Avoid running concurrent report tasks for multiple users until the update is applied. Monitor report processing logs for errors or incorrect summaries as a sign of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15995. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart