Remote Code Execution in IBM Engineering Lifecycle Management Products
CVE-2026-4051

7.2HIGH

Key Information:

Vendor: IBM
Status: Engineering Lifecycle Management
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-4051?

IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 are susceptible to a security flaw that enables attackers with administrative privileges to execute arbitrary code remotely. This vulnerability arises from an exposed method that lacks adequate restrictions, potentially allowing unauthorized access and manipulation of the system.

Affected Version(s)

Engineering Lifecycle Management 7.0.3

Engineering Lifecycle Management 7.1.0

Engineering Lifecycle Management 7.2.0

References

https://www.ibm.com/support/pages/node/7274077

vendor-advisorypatch

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
Mar 12, 2026

CVE-2026-4051 Data

JSON