CVE Catalog

CVE-2026-12085

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

IBM UrbanCode Deploy and IBM DevOps Deploy in vulnerable versions may disclose sensitive configurations and secrets to authenticated users in API responses, which could be used in further attacks against the system.

Risk Assessment

The risk involves potential leakage of confidential data such as passwords or API keys, which could enable an attacker to escalate privileges or take control of the system.

Recommendation

It is recommended to immediately upgrade to the latest available version of IBM DevOps Deploy or apply the relevant security patches provided by the vendor.

Original NVD description (English source)

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS