Data Leak Vulnerability in IBM Business Automation Workflow Containers
CVE-2026-1248

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow Containers And Traditional
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-1248?

The vulnerability affects IBM Business Automation Workflow, allowing sensitive information regarding its database structure to be disclosed through error messages. This information leak could be exploited by an attacker to gain insights into system architecture, potentially leading to further attacks. It is essential for users to evaluate their exposure and apply any available patches to secure their systems.

Affected Version(s)

Business Automation Workflow containers and traditional 25.0.1

Business Automation Workflow containers and traditional 25.0.0 <= 25.0.0 Interim Fix 003

Business Automation Workflow containers and traditional 24.0.1 <= 24.0.1 Interim Fix 006

References

https://www.ibm.com/support/pages/node/7271445

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Jan 20, 2026

CVE-2026-1248 Data

JSON