Unauthenticated SQL Injection Vulnerability in IBM API Connect
CVE-2026-9074
9.1CRITICAL
What is CVE-2026-9074?
IBM API Connect versions 10.0.8.0 to 10.0.8.9 and 12.1.0.0 to 12.1.0.3 contain an unauthenticated SQL injection vulnerability in the password reset feature. This flaw allows attackers to manipulate SQL queries, potentially gaining unauthorized access to sensitive data or executing malicious commands within the application's database. Users are advised to apply available patches and implement best security practices to mitigate risks associated with this vulnerability.
Affected Version(s)
API Connect 10.0.8.0 < 10.0.8.9
API Connect 12.0