Security Bulletin: Due to use of core-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by cross-site scripting (XSS) issue. — CVE-2026-22610

IBM · CVE-2026-22610

ID
CVE-2026-22610

Date
2026-06-02

Activity
2026-06-02

Source
IBM

Threat
medium

Summary

CVE-2026-22610 is a advisory from IBM. Security Bulletin: Due to use of core-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by cross-site scripting (XSS) issue. Severity/Threat: medium.

Product

IBM

What to do

General, cautious steps (verify details in the official source):

Review exposure and plan remediation based on risk and environment.
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

2026-06-15 CVE-2026-9319

criticalIBM 2026-W25

Security Bulletin: Security vulnerability has been identified in dojo library shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-1000665)

2026-06-15 CVE-2018-1000665

mediumIBM 2026-W25

Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

2026-06-15 CVE-2026-9330

criticalIBM 2026-W25

Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

2026-06-12 CVE-2026-4502

mediumIBM 2026-W24

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

2026-06-12 CVE-2026-21945

highIBM 2026-W24

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

2026-06-12 CVE-2025-33128

mediumIBM 2026-W24