Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2613 articles · 173347 vulns · 37/41 feeds (7d)
← Back to list
9.1
CVE-2026-9074PATCHED
ibm · api connect

IBM API Connect SQL Injection

Description

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.

Affected Products

VendorProductVersions
ibmapi connect10.0.8.0, 12.0

References

  • https://www.ibm.com/support/pages/node/7278909(vendor-advisory, patch)
  • https://www.ibm.com/support/pages/node/7278218(vendor-advisory, patch)

Related News (1 articles)

Tier C
VulDB21h ago
CVE-2026-9074 | IBM API Connect up to 10.0.6.0 Password Reset sql injection
→ No new info (linked only)
CVSS 3.19.1 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA KEV❌ No
Actively exploited❌ No
Patch available
10.0.8.9
CWECWE-89
PublishedJul 8, 2026
Last enriched21h agov2
Trending Score41
Source articles1
Independent1
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHPRE-CVE
Multiple Vulnerabilities in IBM Operational Decision Manager Allow Code Execution, Privilege Escalation, DoS, Information Disclosure, File Manipulation, and Security Bypass
Trending: 27
HIGHCVE-2026-3144
IBM API Connect Default Credentials
Trending: 25
CRITICALCVE-2026-10109
IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
Trending: 21
CRITICALCVE-2026-7663
Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
Trending: 16
CRITICALCVE-2026-7803
Flow Validation Bypass via Empty Component Type Field
Trending: 16

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 8, 2026
Discovered by ZDM
Jul 8, 2026
Updated: affectedVersions
Jul 8, 2026
Patch Available
Jul 9, 2026

Version History

v2
Last enriched 21h ago
v2Tier C21h ago

Added affected version 10.0.6.0 and updated exploit availability to false.

affectedVersions
via VulDB
v122h ago

Initial creation