CVE Catalog

CVE-2026-12086

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

IBM UrbanCode Deploy and IBM DevOps Deploy store potentially sensitive information in log files that could be read by a local user. The vulnerability affects versions 7.2 through 7.2.3.23, 7.3 through 7.3.2.18, and 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0.

Risk Assessment

A local user with access to log files could obtain confidential data such as passwords, API keys, or other secrets, leading to security breaches and potential data leakage.

Recommendation

It is recommended to immediately update to the latest available version of IBM UrbanCode Deploy or IBM DevOps Deploy and restrict access to log files to trusted users only.

Original NVD description (English source)

IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS