XML External Entity Injection Vulnerability in IBM Engineering Lifecycle Management
CVE-2026-3603

7.1 HIGH

Key Information:

Vendor: IBM

CVE Published: 26 May 2026

What is CVE-2026-3603?

IBM Engineering Lifecycle Management versions 7.0.3 through 7.2.0 are vulnerable to XML external entity (XXE) injection when processing XML data. An authenticated attacker who manipulates XML input can potentially expose sensitive information or exhaust system memory, leading to service disruptions.

Affected Version(s)

Engineering Lifecycle Management 7.0.3 ( Interim Fix 001

Engineering Lifecycle Management 7.1.0 ( Interim Fix 001

Engineering Lifecycle Management 7.2.0 and 7.2.0 Interim Fix 001

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
