CVE-2026-12086
MediumCVSS 6.2Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
IBM UrbanCode Deploy and IBM DevOps Deploy store potentially sensitive information in log files that could be read by a local user. The vulnerability affects versions 7.2 through 7.2.3.23, 7.3 through 7.3.2.18, and 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0.
Risk Assessment
A local user with access to log files could obtain confidential data such as passwords, API keys, or other secrets, leading to security breaches and potential data leakage.
Recommendation
It is recommended to immediately update to the latest available version of IBM UrbanCode Deploy or IBM DevOps Deploy and restrict access to log files to trusted users only.
Original NVD description (English source)
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.

