Zero Day MonitorZDM

← Back to list

5.9

CVE-2026-34043EXPLOITED

IBM · App Connect Enterprise

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When seri

Description

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5.

Affected Products

Vendor	Product	Versions
IBM	App Connect Enterprise	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	app connect enterprise	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories6h ago

[NEU] [mittel] IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service

→ No new info (linked only)

Tier A

Microsoft MSRC12d ago

CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects

→ No new info (linked only)

CVSS 3.15.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-400, CWE-834

PublishedMar 31, 2026

Last enriched6h agov2

Tags

data manipulationdenial of servicemultiple vulnerabilities

Trending Score53

Source articles2

Independent2

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen

MEDIUMCVE-2025-14923

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe

HIGHCVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading

Multiple Vulnerabilities in IBM SPSS Allow Cross-Site Scripting, Denial of Service, and File Manipulation

HIGHCVE-2026-1343EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 31, 2026

Actively Exploited

Apr 1, 2026

Exploit Available

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: vendor, product

Apr 13, 2026

Version History

v2

Last enriched 6h ago

v2Tier B6h ago

Updated vendor to IBM, product to App Connect Enterprise, increased severity to HIGH, and marked exploit as available and actively exploited.

vendorproduct

via BSI Advisories

v111d ago

Initial creation