Default Credential Vulnerability in IBM API Connect
CVE-2026-3144

8.1HIGH

Key Information:

Vendor

IBM

Vendor
CVE Published:
8 July 2026

What is CVE-2026-3144?

The vulnerability allows unauthorized access to IBM API Connect versions 12.1.0.0 through 12.1.0.3 due to the presence of default credentials. If not updated, attackers can exploit this weakness to gain access to the application before credential updates are enforced, posing significant security risks to organizations using the software. Immediate action is recommended to mitigate potential breaches.

Affected Version(s)

API Connect 12.1.0.0 < 12.1.0.3

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.