Unauthorized Access Vulnerability in IBM Engineering Lifecycle Management
CVE-2026-3660

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Management
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-3660?

A security vulnerability exists in IBM Engineering Lifecycle Management versions 7.0.3, 7.1.0, and 7.2.0 that allows an unauthenticated remote attacker to update crucial server property files. This unauthorized modification can grant the attacker access to sensitive application functionalities, leading to potential data exposure and compromise of application integrity. Immediate attention and patching are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Engineering Lifecycle Management 7.0.3

Engineering Lifecycle Management 7.1.0

Engineering Lifecycle Management 7.2.0

References

https://www.ibm.com/support/pages/node/7274079

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
Mar 6, 2026

CVE-2026-3660 Data

JSON