Vulnerability-Lookup

CVE-2025-36126 (GCVE-0-2025-36126)

Vulnerability from cvelistv5 – Published: 2026-05-26 15:52 – Updated: 2026-05-27 17:20

Title

IBM Cognos Analytics is affected by Cross-site scripting.

Summary

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7272628	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
IBM	Cognos Analytics	Affected: 11.2.0 Affected: 12.0 Affected: 12.1.0 cpe:2.3:a:ibm:cognos_analytics:11.2.0:::::::* cpe:2.3:a:ibm:cognos_analytics:12.0:::::::* cpe:2.3:a:ibm:cognos_analytics:12.0.0:::::::* cpe:2.3:a:ibm:cognos_analytics:12.1.0:::::::*
IBM	Cognos Transformer	Affected: 12.0 Affected: 11.2.4 Affected: 12.1.0 cpe:2.3:a:ibm:cognos_transformer:12.0:::::::* cpe:2.3:a:ibm:cognos_transformer:12.0.0:::::::* cpe:2.3:a:ibm:cognos_transformer:11.2.4:::::::* cpe:2.3:a:ibm:cognos_transformer:12.1.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T17:20:04.656302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T17:20:14.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
          ],
          "product": "Cognos Analytics",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.2.0"
            },
            {
              "status": "affected",
              "version": "12.0"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
          ],
          "product": "Cognos Transformer",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.0"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e"
            }
          ],
          "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T12:05:00.708Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7272628"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7270262\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7269268\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7258071\" rel=\"noopener noreferrer nofollow\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\n\nProduct(s)Version(s) number and/or range\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6 IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262 IBM Cognos Analytics12.0.0 - 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268 IBM Cognos Analytics12.1.0 - 12.1.1 IF1 IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071"
        }
      ],
      "title": "IBM Cognos Analytics is affected by Cross-site scripting.",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36126",
    "datePublished": "2026-05-26T15:52:49.002Z",
    "dateReserved": "2025-04-15T21:16:18.171Z",
    "dateUpdated": "2026-05-27T17:20:14.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-36126",
      "date": "2026-06-19",
      "epss": "0.00185",
      "percentile": "0.08143"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-36126\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-05-26T17:16:28.713\",\"lastModified\":\"2026-06-01T17:30:40.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndExcluding\":\"12.1.2\",\"matchCriteriaId\":\"30BF0C71-FEDA-4D86-BE94-54D67AA482BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348B7AB4-F304-461B-AC45-D8656AB73660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AB1B390-838B-4572-ACA0-2CFFDDB45EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D500E11C-4A99-460F-B16A-4DA5895149D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC703EBB-A37C-465C-8F7C-3B64AB3A71E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CA6708A-851A-458C-81CC-0AE78CB0F0C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1D81212-AFFE-4A73-AAC1-E558973FC452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DC144D-62FC-4808-A77A-642871C1F8FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A61B920-B490-48A8-BF00-13B8854683FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F65BC6D-9A9D-45B9-919B-2855586C4F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4:*:*:*:*:*:*\",\"matchCriteriaId\":\"684FA3C7-ABEA-4CB8-8D88-4BA18F1A73FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3372238E-BFA8-4342-A523-9DB9628D11B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6:*:*:*:*:*:*\",\"matchCriteriaId\":\"0644AF6B-BBEB-4B56-A6A6-D6BE073DA900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0259B4F-E86A-44E5-A1FA-39A57E915822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF69734-E894-49E2-9295-03330FE19F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"28C2275C-A326-4914-BD31-923E0976DA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C19D8CDA-E883-4F76-ACEE-FE16A6AB75A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF2CD238-A72E-4689-B8E7-2949A0E618E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"210893AF-E67A-49C1-80FC-59A1F1C1B32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFDD4A63-2F81-48C8-8400-E1BE15C8EA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF83D3E-FB2F-4A73-A18B-F55CB98124D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EB9F80-DCF1-474F-A5A5-7BC9F0B3BF58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"706340D8-0E0B-4775-B90A-E696CFFB9901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"651FEB1B-83C8-4D28-8944-E8C182AC93B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED100CC-0C88-41B9-8742-4AD51C105527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.4:fixpack1:*:*:*:*:*:*\",\"matchCriteriaId\":\"206ABB8E-0FEB-4366-B547-514A3FF8138E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C54FA39-7D14-434E-A9FB-5606A3A08185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAB2758C-ECD5-4186-823A-5DB55265BC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BC347B-50AB-440E-A2C0-904DC9704581\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF70630-4FCC-42CB-AEC0-0341335E38CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91020D54-7072-4B79-AC60-DD68E8F36C7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1B1D10C-E219-4536-89AB-F7B6A16B0A97\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7272628\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36126\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-27T17:20:04.656302Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-27T17:20:10.147Z\"}}], \"cna\": {\"title\": \"IBM Cognos Analytics is affected by Cross-site scripting.\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Cognos Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.2.0\"}, {\"status\": \"affected\", \"version\": \"12.0\"}, {\"status\": \"affected\", \"version\": \"12.1.0\"}]}, {\"cpes\": [\"cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Cognos Transformer\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.0\"}, {\"status\": \"affected\", \"version\": \"11.2.4\"}, {\"status\": \"affected\", \"version\": \"12.1.0\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by upgrading to latest versions\\n\\nProduct(s)Version(s) number and/or range\\u00a0Remediation/Fix/InstructionsIBM Cognos Analytics11.2.0 - 11.2.4 FP6 IBM Cognos Analytics 11.2.4 Fix Pack 7 https://www.ibm.com/support/pages/node/7270262 IBM Cognos Analytics12.0.0 - 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 2 https://www.ibm.com/support/pages/node/7269268 IBM Cognos Analytics12.1.0 - 12.1.1 IF1 IBM Cognos Analytics 12.1.2 https://www.ibm.com/support/pages/node/7258071\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerability now by upgrading to latest versions\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion(s) number and/or range\\u00a0\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fix/Instructions\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e11.2.0 - 11.2.4 FP6\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.ibm.com/support/pages/node/7270262\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003eIBM Cognos Analytics 11.2.4 Fix Pack 7\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.0.0 - 12.0.4 FP1\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.ibm.com/support/pages/node/7269268\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003eIBM Cognos Analytics 12.0.4 Fix Pack 2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Cognos Analytics\u003c/td\u003e\u003ctd\u003e12.1.0 - 12.1.1 IF1\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.ibm.com/support/pages/node/7258071\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003eIBM Cognos Analytics 12.1.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7272628\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-05-27T12:05:00.708Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-36126\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T17:20:14.707Z\", \"dateReserved\": \"2025-04-15T21:16:18.171Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-05-26T15:52:49.002Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0606

Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x sans le correctif de sécurité Fix Pack 7
IBM	N/A	Robotic Process Automation for Cloud Pak versions 30.0.x antérieures à 30.0.2
IBM	Cognos Analytics	Cognos Analytics versions 12.1.x antérieures à 12.1.2
IBM	N/A	Robotic Process Automation for Cloud Pak versions 23.0.x antérieures à 23.0.20.6
IBM	AIX	Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de sécurité Fix Pack 1
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x sans le correctif de sécurité Fix Pack 2

References

Title

Publication Time

FKIE_CVE-2025-36126

Vulnerability from fkie_nvd - Published: 2026-05-26 17:16 - Updated: 2026-06-17 09:14

Severity

6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Summary

References

	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7272628	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	cognos_analytics	*
ibm	cognos_analytics	11.2
ibm	cognos_analytics	11.2.0
ibm	cognos_analytics	11.2.1
ibm	cognos_analytics	11.2.2
ibm	cognos_analytics	11.2.3
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	11.2.4
ibm	cognos_analytics	12.0.0
ibm	cognos_analytics	12.0.1
ibm	cognos_analytics	12.0.2
ibm	cognos_analytics	12.0.3
ibm	cognos_analytics	12.0.3
ibm	cognos_analytics	12.0.3
ibm	cognos_analytics	12.0.4
ibm	cognos_analytics	12.0.4
ibm	cognos_analytics	12.0.4
ibm	cognos_analytics	12.0.4
ibm	cognos_analytics	12.0.4
ibm	cognos_transformer	11.2.4
ibm	cognos_transformer	12.0
ibm	cognos_transformer	12.1.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_analytics:12.1.0:*:*:*:*:*:*:*"
          ],
          "product": "Cognos Analytics",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.2.0"
            },
            {
              "status": "affected",
              "version": "12.0"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:12.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*"
          ],
          "product": "Cognos Transformer",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.0"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            },
            {
              "status": "affected",
              "version": "12.1.0"
            }
          ]
        }
      ],
      "source": "psirt@us.ibm.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30BF0C71-FEDA-4D86-BE94-54D67AA482BA",
              "versionEndExcluding": "12.1.2",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "348B7AB4-F304-461B-AC45-D8656AB73660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB1B390-838B-4572-ACA0-2CFFDDB45EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D500E11C-4A99-460F-B16A-4DA5895149D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC703EBB-A37C-465C-8F7C-3B64AB3A71E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA6708A-851A-458C-81CC-0AE78CB0F0C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "A1D81212-AFFE-4A73-AAC1-E558973FC452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack1:*:*:*:*:*:*",
              "matchCriteriaId": "07DC144D-62FC-4808-A77A-642871C1F8FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack2:*:*:*:*:*:*",
              "matchCriteriaId": "2A61B920-B490-48A8-BF00-13B8854683FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack3:*:*:*:*:*:*",
              "matchCriteriaId": "1F65BC6D-9A9D-45B9-919B-2855586C4F1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack4:*:*:*:*:*:*",
              "matchCriteriaId": "684FA3C7-ABEA-4CB8-8D88-4BA18F1A73FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack5:*:*:*:*:*:*",
              "matchCriteriaId": "3372238E-BFA8-4342-A523-9DB9628D11B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:fixpack6:*:*:*:*:*:*",
              "matchCriteriaId": "0644AF6B-BBEB-4B56-A6A6-D6BE073DA900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_1:*:*:*:*:*:*",
              "matchCriteriaId": "C0259B4F-E86A-44E5-A1FA-39A57E915822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_2:*:*:*:*:*:*",
              "matchCriteriaId": "CEF69734-E894-49E2-9295-03330FE19F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_3:*:*:*:*:*:*",
              "matchCriteriaId": "28C2275C-A326-4914-BD31-923E0976DA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_4:*:*:*:*:*:*",
              "matchCriteriaId": "C19D8CDA-E883-4F76-ACEE-FE16A6AB75A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:11.2.4:interim_fix_5:*:*:*:*:*:*",
              "matchCriteriaId": "AF2CD238-A72E-4689-B8E7-2949A0E618E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "210893AF-E67A-49C1-80FC-59A1F1C1B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFDD4A63-2F81-48C8-8400-E1BE15C8EA3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF83D3E-FB2F-4A73-A18B-F55CB98124D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "42EB9F80-DCF1-474F-A5A5-7BC9F0B3BF58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_1:*:*:*:*:*:*",
              "matchCriteriaId": "706340D8-0E0B-4775-B90A-E696CFFB9901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.3:interim_fix_2:*:*:*:*:*:*",
              "matchCriteriaId": "651FEB1B-83C8-4D28-8944-E8C182AC93B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "CED100CC-0C88-41B9-8742-4AD51C105527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.4:fixpack1:*:*:*:*:*:*",
              "matchCriteriaId": "206ABB8E-0FEB-4366-B547-514A3FF8138E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_1:*:*:*:*:*:*",
              "matchCriteriaId": "3C54FA39-7D14-434E-A9FB-5606A3A08185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_2:*:*:*:*:*:*",
              "matchCriteriaId": "BAB2758C-ECD5-4186-823A-5DB55265BC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_analytics:12.0.4:interim_fix_3:*:*:*:*:*:*",
              "matchCriteriaId": "60BC347B-50AB-440E-A2C0-904DC9704581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_transformer:11.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF70630-4FCC-42CB-AEC0-0341335E38CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_transformer:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91020D54-7072-4B79-AC60-DD68E8F36C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:cognos_transformer:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1B1D10C-E219-4536-89AB-F7B6A16B0A97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    }
  ],
  "id": "CVE-2025-36126",
  "lastModified": "2026-06-17T09:14:31.017",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-36126",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-05-27T17:20:04.656302Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-05-26T17:16:28.713",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7272628"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

GHSA-36W6-VPXM-3R3C

Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31

Details

Severity

6.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-36126"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-26T17:16:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
  "id": "GHSA-36w6-vpxm-3r3c",
  "modified": "2026-05-26T18:31:45Z",
  "published": "2026-05-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36126"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7272628"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-36126 (GCVE-0-2025-36126)

CERTFR-2026-AVI-0606

Solutions

FKIE_CVE-2025-36126

GHSA-36W6-VPXM-3R3C

Tags

Sightings

Nomenclature