Misconfiguration in IBM PowerVM Novalink Increases Attack Surface
CVE-2026-14971

3.9LOW

Key Information:

Vendor

IBM

Vendor
CVE Published:
17 July 2026

What is CVE-2026-14971?

A misconfiguration in the IBM PowerVM Novalink APIs can create a broader attack surface, allowing unauthorized or unintended operations under non-default conditions. This vulnerability primarily affects specific versions of PowerVM Novalink, making it critical for users to assess their configurations and implement necessary security measures to mitigate potential exploits.

Affected Version(s)

PowerVM Novalink 2.2.02.2.12.2.1.1

PowerVM Novalink 2.3.02.3.0.12.3.12.3.2

References

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.