Arbitrary Command Execution in IBM Total Storage Service Console
CVE-2026-5935

7.3HIGH

Key Information:

Vendor: IBM
Status: Total Storage Service Console (tssc) / Ts4500 Imc
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-5935?

The IBM Total Storage Service Console (TSSC) is afflicted by a vulnerability that allows an unauthenticated user to execute arbitrary commands with standard user privileges. This issue stems from inadequate validation of user-supplied input, potentially leading to unauthorized system access. Users of TS4500 IMC versions 9.2 through 9.6 are particularly susceptible and are encouraged to review the vendor advisory for mitigation strategies.

Affected Version(s)

Total Storage Service Console (TSSC) / TS4500 IMC 9.2.0 <= 9.6.0

References

https://www.ibm.com/support/pages/node/7270127

vendor-advisorypatch

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-5935 Data

JSON