Security Bulletin: Due to the use of zlib, IBM EntireX is vulnerable to Improper Validation of Specified Quantity in Input vulnerabilities (CVE-2026-3381, CVE-2026-27171). — CVE-2026-3381

IBM · CVE-2026-3381

ID
CVE-2026-3381

Datum
2026-06-19

Activity
2026-06-19

Quelle
IBM

Risiko
critical

Zusammenfassung

CVE-2026-3381 is a Hinweis from IBM. Security Bulletin: Due to the use of zlib, IBM EntireX is vulnerable to Improper Validation of Specified Quantity in Input vulnerabilities (CVE-2026-3381, CVE-2026-27171). Severity/Threat: critical.

Produkt

IBM EntireX

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

IBM 2026-W25

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

2026-06-20 GHSA-H5X8-XP6M-X6Q4

highGitHub GitHub 2026-W25

Anki's local HTTP server does not sufficiently validate requests

2026-06-20 GHSA-869J-R97X-HX2G

highGitHub GitHub 2026-W25

LangSmith SDK TracingMiddleware: Arbitrary server-side file read

2026-06-20 GHSA-F4XH-W4CJ-QXQ8

highGitHub GitHub 2026-W25

Lokka: Azure Resource Manager URL path validation issue

2026-06-20 GHSA-G2GW-Q38M-VJFC

highGitHub GitHub 2026-W25

pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

2026-06-20 GHSA-4XGF-CPJX-PC3J

mediumGitHub GitHub 2026-W25

Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager

2026-06-20 CVE-2026-5598

criticalIBM 2026-W25