Sensitive Information Exposure in IBM MQ Operator
CVE-2026-2607

5.1MEDIUM

Key Information:

Vendor: IBM
Status: MQ Operator; Supplied MQ Advanced Container Images
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-2607?

IBM MQ Operator vulnerable versions may expose sensitive information in log files, allowing a local user to access potentially sensitive data. This situation highlights the importance of securing log files to prevent casual or unauthorized access, ensuring that potentially sensitive information is not exposed unintentionally.

Affected Version(s)

MQ Operator SC2: v3.2.0 <= 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29

supplied MQ Advanced container images SC2: 9.4.0.6

References

https://www.ibm.com/support/pages/node/7273145

vendor-advisorypatch

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Feb 16, 2026

CVE-2026-2607 Data

JSON