{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-09T09:23:42.095","vulnerabilities":[{"cve":{"id":"CVE-2026-2606","sourceIdentifier":"psirt@us.ibm.com","published":"2026-03-03T20:16:49.783","lastModified":"2026-03-05T20:55:35.433","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system."},{"lang":"es","value":"IBM webMethods API Gateway (en las instalaciones) 10.11 hasta 10.11_Fix3210.15 a 10.15_Fix2711.1 a 11.1_Fix7 IBM webMethods API Management (en las instalaciones) no valida correctamente la entrada proporcionada por el usuario pasada al parámetro url en el endpoint /createapi. Un atacante puede modificar este parámetro para usar un esquema URI file:// en lugar del esquema HTTPS:// esperado, lo que permite el acceso de lectura de archivos arbitrario no autorizado en el sistema de archivos del servidor subyacente."}],"metrics":{"cvssMetricV31":[{"source":"psirt@us.ibm.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"psirt@us.ibm.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:10.11:-:*:*:on-prem:*:*:*","matchCriteriaId":"7F534C50-6ADC-4BBC-83E5-973C72964118"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:10.11:fix32:*:*:on-prem:*:*:*","matchCriteriaId":"2A86D588-0072-4EBE-9FA8-008A36A321D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:10.15:-:*:*:on-prem:*:*:*","matchCriteriaId":"40E92E62-E820-47B9-BF03-5AF3E32B48D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:10.15:fix27:*:*:on-prem:*:*:*","matchCriteriaId":"71FCF82E-9B8D-4636-8130-076316E4D35D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:11.1:-:*:*:on-prem:*:*:*","matchCriteriaId":"978540F2-00C6-4F15-ADB8-32AFF3503460"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:webmethods_api_gateway:11.1:fix7:*:*:on-prem:*:*:*","matchCriteriaId":"02A837D5-879F-487E-A28F-55DB0C097F00"}]}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7261122","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]}]}}]}