Security Bulletin: IBM DevOps Deploy / UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling vulnerablity in Apache Tomcat (CVE-2026-24880) — CVE-2026-24880

IBM · CVE-2026-24880

ID
CVE-2026-24880

Datum
2026-06-19

Activity
2026-06-19

Quelle
IBM

Risiko
high

Zusammenfassung

CVE-2026-24880 is a Hinweis from IBM. Security Bulletin: IBM DevOps Deploy / UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling vulnerablity in Apache Tomcat (CVE-2026-24880) Severity/Threat: high.

Produkt

IBM UrbanCode Deploy

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

IBM 2026-W25

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

2026-06-20 GHSA-H5X8-XP6M-X6Q4

highGitHub GitHub 2026-W25

Anki's local HTTP server does not sufficiently validate requests

2026-06-20 GHSA-869J-R97X-HX2G

highGitHub GitHub 2026-W25

LangSmith SDK TracingMiddleware: Arbitrary server-side file read

2026-06-20 GHSA-F4XH-W4CJ-QXQ8

highGitHub GitHub 2026-W25

Lokka: Azure Resource Manager URL path validation issue

2026-06-20 GHSA-G2GW-Q38M-VJFC

highGitHub GitHub 2026-W25

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2026-06-20 GHSA-4XGF-CPJX-PC3J

mediumGitHub GitHub 2026-W25

Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager

2026-06-20 CVE-2026-5598

criticalIBM 2026-W25