Sensitive Configuration Exposure in IBM UrbanCode Deploy and IBM DevOps Deploy
CVE-2026-12085

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Ucd - IBM Urbancode Deploy; Ucd - IBM Devops Deploy
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-12085?

IBM UrbanCode Deploy and IBM DevOps Deploy have a vulnerability that allows authenticated users to retrieve sensitive configurations and secrets through API responses. This exposure can potentially lead to further attacks, as the leaked information could be used to compromise the system's integrity. Users of affected versions should take immediate action to assess their environments and apply the necessary patches.

Affected Version(s)

UCD - IBM DevOps Deploy 8.0 <= 8.0.1.13

UCD - IBM DevOps Deploy 8.1.0 <= 8.1.2.6

UCD - IBM DevOps Deploy 8.2.0 <= 8.2.1.0

References

https://www.ibm.com/support/pages/node/7277577

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 12, 2026

CVE-2026-12085 Data

JSON