XML External Entity Injection Vulnerability in IBM Business Automation Manager
CVE-2026-13449

7.6 HIGH

Key Information:

Vendor: IBM
CVE Published: 30 June 2026

What is CVE-2026-13449?

IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 are susceptible to an XML external entity (XXE) injection attack. The vulnerability arises when the application processes XML data. A remote attacker could exploit it to access sensitive information or consume memory resources, leading to data leaks and service disruption. Users of affected versions should apply the available patches.

Affected Version(s)

Business Automation Manager Open Editions 9.0.0 <= 9.4.2

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
