Security Bulletin: Due to use of spring-security-core-6.5.9.jar, IBM Sterling Connect:Direct Web Services is vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition — CVE-2026-22751
IBM · CVE-2026-22751
ID
CVE-2026-22751
CVE-2026-22751
Date
Activity
Source
IBM
IBM
Threat
medium
medium
Summary
CVE-2026-22751 is a advisory from IBM. Security Bulletin: Due to use of spring-security-core-6.5.9.jar, IBM Sterling Connect:Direct Web Services is vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition Severity/Threat: medium.
Product
IBM Sterling Connect:Direct Web Services
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.