Webmethods Api Gateway

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-2606 MEDIUM This Month

Improper input validation in IBM webMethods API Gateway and API Management allows authenticated attackers to read arbitrary files on the server by supplying a file:// URI to the /createapi endpoint instead of the expected https:// schema. Affected versions include webMethods API Gateway 10.11 through 11.1_Fix7 and webMethods API Management on-premises installations. No patch is currently available for this medium-severity vulnerability.

IBM Webmethods Api Gateway

NVD

CVSS 3.1

6.5

EPSS

0.1%

CVE-2026-2606

EPSS 0% CVSS 6.5

MEDIUM This Month

Improper input validation in IBM webMethods API Gateway and API Management allows authenticated attackers to read arbitrary files on the server by supplying a file:// URI to the /createapi endpoint instead of the expected https:// schema. Affected versions include webMethods API Gateway 10.11 through 11.1_Fix7 and webMethods API Management on-premises installations. No patch is currently available for this medium-severity vulnerability.

IBM Webmethods Api Gateway

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy