IBM: Six CVEs Across Five Products Disclosed in Two-Day Batch

Key findings
- Six CVEs across five IBM product lines disclosed in a single 48-hour window
- Most severe: CVE-2026-7870 (CVSS 8.8) — unqualified library call in IBM i 7.3–7.6
- Langflow hit twice: IDOR bypass (CVE-2026-7787) and SSRF (CVE-2026-3341)
- Qiskit SDK parser recursion bug (CVE-2026-4870) enables denial of service
- QRadar EDR stores credentials in plain text (CVE-2024-45636), a delayed disclosure
- No evidence of in-the-wild exploitation reported at time of disclosure
IBM disclosed six vulnerabilities across five distinct product lines on June 11–12, 2026, a rare multi-product batch that spans quantum computing SDKs, enterprise AI platforms, IBM i operating systems, DevOps tooling, and security analytics. The batch includes two High-severity bugs in IBM i and IBM Langflow, alongside medium-severity flaws in Qiskit, DevOps Plan, Langflow Desktop, and QRadar EDR. While the affected products serve vastly different use cases, the disclosure highlights the breadth of IBM's attack surface and the need for administrators to track patches across the vendor's portfolio.
Privilege escalation in IBM i
The most severe vulnerability in the batch is CVE-2026-7870 (CVSS 8.8, High), an unqualified library call in IBM i versions 7.3, 7.4, 7.5, and 7.6 (a call that names an object without its library, so the object is resolved through the caller's library list rather than from a fixed location). An attacker who can already execute code on the system can exploit the unqualified call to run user-controlled code with administrator privileges. IBM i is widely deployed for enterprise workloads, making this a high-priority patch for organizations running the affected releases.
Authentication bypass and SSRF in Langflow
Two vulnerabilities affect IBM's Langflow platform, a low-code AI workflow builder. CVE-2026-7787 (CVSS 7.5, High) affects Langflow OSS 1.0.0 through 1.9.1 and involves insecure direct object references (IDOR) that let an authenticated user read or modify sensitive information by bypassing authentication checks. Separately, CVE-2026-3341 (CVSS 5.4, Medium) affects Langflow Desktop 1.0.0 through 1.9.2 and is a server-side request forgery (SSRF) flaw that could allow an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or further attacks.
Denial of service in Qiskit SDK
CVE-2026-4870 (CVSS 7.5, High) affects IBM Qiskit SDK versions 0.43.0 through 2.5.0, the company's open-source quantum computing framework. The vulnerability is caused by uncontrolled recursion in the parser, which an attacker can trigger to cause a segmentation fault and denial of service. While the CVSS score is High, the impact is limited to availability, and exploitation requires the ability to supply crafted input to the parser.
HTTP header injection in DevOps Plan
CVE-2026-4096 (CVSS 6.5, Medium) affects IBM DevOps Plan 3.0.0 through 3.0.6. The vulnerability stems from improper validation of HOST headers, enabling HTTP header injection. An attacker could exploit this to conduct cross-site scripting, cache poisoning, or session hijacking attacks against the vulnerable system.
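The weak pattern behind this class of bug, and the allowlist check that closes it, as an added illustration that is not IBM's code and says nothing about how DevOps Plan itself handles the header; the hostnames in `ALLOWED_HOSTS` are constructed for the example:

```python
import re
from typing import Optional

# Constructed allowlist: the names this deployment legitimately answers to
# (assumption for the example; a real deployment loads this from configuration).
ALLOWED_HOSTS = {"plan.example.internal", "plan.example.internal:9443"}

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"(?P<host>{_LABEL}(?:\.{_LABEL})*)(?::(?P<port>\d{{1,5}}))?")


def validate_host(header_value: Optional[str]) -> Optional[str]:
    """Return the normalised Host value if it is well-formed and allowlisted, else None.

    re.fullmatch forces the whole header to fit the hostname grammar, so CR/LF,
    spaces and other header-injection characters can never pass.
    """
    if header_value is None:
        return None
    value = header_value.strip().lower()
    match = _HOST_RE.fullmatch(value)
    if match is None:
        return None
    port = match.group("port")
    if port is not None and not 1 <= int(port) <= 65535:
        return None
    return value if value in ALLOWED_HOSTS else None


def absolute_url_unvalidated(host_header: str, path: str) -> str:
    """Weak pattern: the request's Host header is copied straight into a URL the
    server emits (redirects, reset links, cached pages). Whatever the client sent
    lands in the response, which is the root of cache poisoning and header injection."""
    return f"https://{host_header}{path}"


def absolute_url(host_header: Optional[str], path: str) -> Optional[str]:
    """Hardened form: only an allowlisted, well-formed host reaches the emitted URL."""
    host = validate_host(host_header)
    if host is None:
        return None
    return f"https://{host}{path}"
```

The same `validate_host` check belongs at the edge (reverse proxy or framework setting) so that every handler sees only a vetted Host value.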
Plain-text credentials in QRadar EDR
CVE-2024-45636 (CVSS 4.1, Medium) is notable for its older CVE year (2024), suggesting it was discovered some time ago but only publicly disclosed now. IBM Security QRadar EDR versions 3.12 through 3.12.24 store user credentials in plain text, readable by a local privileged user. While the CVSS score is low due to the requirement for local privileged access, the exposure of credentials in plain text is a fundamental security concern.
Patch status
IBM has released advisories for each vulnerability. Administrators should consult the IBM Security Bulletin for their specific product to obtain patch details and version updates. Given the cross-product nature of this batch, organizations running multiple IBM products should verify they have applied the relevant fixes for each affected component.
This batch serves as a reminder that IBM's security disclosures are not limited to a single flagship product; the company's diverse portfolio means defenders must monitor advisories across mainframes, AI platforms, quantum computing tools, and security products alike.