CVE-2026-12085
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
IBM UrbanCode Deploy and IBM DevOps Deploy in vulnerable versions may disclose sensitive configurations and secrets to authenticated users in API responses, which could be used in further attacks against the system.
Risk Assessment
The risk involves potential leakage of confidential data such as passwords or API keys, which could enable an attacker to escalate privileges or take control of the system.
Recommendation
It is recommended to immediately upgrade to the latest available version of IBM DevOps Deploy or apply the relevant security patches provided by the vendor.
Original NVD description (English source)
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

