Skip to main content

IBM Qiskit SDK CVE-2026-4870

| EUVDEUVD-2026-36575 HIGH
Uncontrolled Recursion (CWE-674)
2026-06-12 ibm
7.5
CVSS 3.1 · Vendor: ibm
Share

Severity by source

Vendor (ibm) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Parser crash is reachable over the network with no auth or interaction when Qiskit ingests untrusted input; impact is availability only, no confidentiality or integrity loss.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorVendor: ibm

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 12, 2026 - 21:23 vuln.today

DescriptionCVE.org

IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.

AnalysisAI

Denial of service in IBM Qiskit SDK versions 0.43.0 through 2.5.0 allows remote attackers to crash the parser via uncontrolled recursion, triggering a segmentation fault. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network-reachable exploitation with high availability impact, though no public exploit identified at time of analysis. Affects quantum-computing workloads that ingest untrusted Qiskit/OpenQASM input.

Technical ContextAI

Qiskit SDK is IBM's open-source Python framework for building, transpiling, and running quantum circuits, widely used to interact with IBM Quantum hardware and simulators. The flaw resides in the SDK's parser component, which recurses without bounds on attacker-controlled input - a classic CWE-674 (Uncontrolled Recursion) class issue that exhausts the stack and produces a SIGSEGV in the underlying CPython process. The CPE 'cpe:2.3:a:ibm:qiskit_sdk:*' confirms the application-level scope, meaning any service or notebook that parses Qiskit source (e.g., OpenQASM or serialized circuits) from a non-trusted source inherits the risk.

RemediationAI

Patch available per vendor advisory - upgrade Qiskit SDK to the fixed release identified in IBM's bulletin at https://www.ibm.com/support/pages/node/7276123 (exact fix version not enumerated in the provided intelligence, so confirm against that advisory before deploying). As compensating controls while patching, refuse to parse Qiskit/OpenQASM/QPY artifacts from untrusted sources, place parsing inside a sandboxed worker process with a Python recursion limit (sys.setrecursionlimit) and an OS-level stack/CPU rlimit so a crash kills only the worker, and add size and nesting-depth checks at the API boundary that accepts circuit submissions; the trade-off is that legitimate deeply-nested circuits may be rejected and worker restarts add latency.

Share

CVE-2026-4870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy