CVE-2026-9074

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
08/07/2026
Last modified:
10/07/2026

Description

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:* 10.0.8.0 (including) 10.0.8.10 (excluding)
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:* 12.1.0.0 (including) 12.1.1.0 (excluding)