CVE Catalog

CVE-2026-7253

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

An SSRF vulnerability in IBM Watson Speech Services Cartridge allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. The issue affects the Sterling File Gateway component used in speech runtimes.

Risk Assessment

The risk includes potential internal network scanning by an attacker and possible use of the system as a proxy for further attacks on other resources.

Recommendation

Apply the fix provided by IBM for IBM Watson Speech Services Cartridge immediately and update the Sterling File Gateway component to a non-vulnerable version.

Original NVD description (English source)

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS