SB2026022006 - Multiple vulnerabilities in IBM Security QRadar EDR

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026022006

SB2026022006 - Multiple vulnerabilities in IBM Security QRadar EDR

Published: February 20, 2026

Security Bulletin ID SB2026022006
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Improper handling of highly compressed data (CVE-ID: CVE-2026-21441)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the application does not properly handle highly compressed data when sending HTTP redirect responses. A remote attacker can multiple large requests to the application, consume all available CPU and memory resources and perform a denial of service attack.


2) Improper verification of cryptographic signature (CVE-ID: CVE-2025-65945)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to improper signature verification under specific conditions when using the HS256 algorithm within the jws.createVerify() function. A remote attacker can manipulate header or payload in the HMAC secret lookup routines and bypass authorization checks. 


3) Resource exhaustion (CVE-ID: CVE-2025-15284)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the arrayLimit option does not enforce limits for bracket notation (a[]=1&a[]=2). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-66418)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing limits on the number of links in the decompression chain when handling gzip or zstd data in the server response. A malicious server can send a response with a large amount of links and cause high CPU load, leading to a denial of service condition. 


5) Resource exhaustion (CVE-ID: CVE-2025-66471)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the streaming API does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) CRLF injection (CVE-ID: CVE-2025-67735)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data in io.netty.handler.codec.http.HttpRequestEncoder. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


Remediation

Install update from vendor's website.

References