Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs. — CVE-2026-34073

IBM · CVE-2026-34073

ID
CVE-2026-34073

Date
2026-06-01

Updated
2026-06-02

Activity
2026-06-02

Source
IBM

Threat
critical

Summary

CVE-2026-34073 is a advisory from IBM. Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs. Severity/Threat: critical. Source updated on 2026-06-02.

Product

IBM

What to do

General, cautious steps (verify details in the official source):

Prioritize patching or mitigation immediately (treat as actively risky).
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU

2026-06-16 CVE-2026-34268

highIBM 2026-W25

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2026 - Includes OpenJDK April 2026 CPU plus CVE-2026-6918

2026-06-16 CVE-2026-34282

highIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module file-type ( CVE-2026-31808 )

2026-06-16 CVE-2026-31808

mediumIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp

2026-06-16 CVE-2026-4867

highIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)

2026-06-16 CVE-2026-6322

highIBM 2026-W25

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

2026-06-16 CVE-2026-32597

highIBM 2026-W25