SB2026030633 - Multiple vulnerabilities in IBM watsonx Code Assistant On Prem
Published: March 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 53 secuirty vulnerabilities.
1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-22701)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a race condition in the SoftFileLock implementation of the filelock package. A local user can create a symbolic link to a critical file on the system between the permission validation and file creation to cause lock operations to fail or behave unexpectedly.
2) Prototype pollution (CVE-ID: CVE-2025-13465)
The vulnerability allows a remote attacker to alter application's behavior.
The vulnerability exists due to improper input validation within the in the _.unset and _.omit functions. A remote attacker can pass specially crafted input to the application and delete methods from global prototypes.
3) Deserialization of Untrusted Data (CVE-ID: CVE-2025-14924)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the parsing of checkpoints. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Code Injection (CVE-ID: CVE-2025-14928)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the convert_config function. A remote attacker can trick a victim to convert a malicious checkpoint and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Deserialization of Untrusted Data (CVE-ID: CVE-2025-14929)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the parsing of checkpoints. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2025-14930)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the parsing of weights. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Integer overflow (CVE-ID: CVE-2025-66030)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to integer overflow within the asn1.derToOid() function in forge/lib/asn1.js when parsing ASN.1 structures containing OIDs with oversized arcs. A remote attacker can construct a specially crafted ASN.1 object to spoof an OID and bypass downstream OID-based security decisions.
8) Uncontrolled recursion (CVE-ID: CVE-2025-66031)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion within the asn1.fromDer() function in forge/lib/asn1.js. A remote non-authenticated attacker can pass specially crafted deep ASN.1 structures to trigger unbounded recursive parsing and perform a denial of service attack.
9) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-25528)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can inject arbitrary api_url values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints.
10) Interpretation conflict (CVE-ID: CVE-2025-12816)
The vulnerability allows a remote attacker to bypass downstream cryptographic verification and security decisions.
The vulnerability exists due to incorrect validation of ASN.1 structures within the asn1.validate() function in forge/lib/asn1.js. A remote non-authenticated attacker can use specially crafted ASN.1 structures to desynchronize DER schema validations and bypass downstream cryptographic verification and security decisions.
11) Uncontrolled recursion (CVE-ID: CVE-2026-0994)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to uncontrolled recursion in within the google.protobuf.json_format.ParseDict(). A remote attacker can pass specially crafted input to the application and perform a denial of service attack.
12) Uncaught Exception (CVE-ID: CVE-2026-25128)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the RangeError issue in the numeric entity. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
13) Path traversal (CVE-ID: CVE-2026-23745)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in src/unpack.ts within the [HARDLINK] and [SYMLINK] methods. A remote attacker can send a specially crafted HTTP request and read/overwrite arbitrary files on the system.
14) Resource exhaustion (CVE-ID: CVE-2025-69229)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the request.read() method. A remote attacker can trigger CPU exhaustion and perform a denial of service (DoS) attack.
15) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2026-25639)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within proto Key in mergeConfig. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
16) Inefficient regular expression complexity (CVE-ID: CVE-2024-1899)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in subparser when processing links with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
17) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-22702)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. A local user can gain access to sensitive information, poison cache or perform a denial of service attack.
18) Buffer overflow (CVE-ID: CVE-2025-2998)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the torch.nn.utils.rnn.pad_packed_sequence() function. A remote attacker can trick the victim into passing specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
19) Buffer overflow (CVE-ID: CVE-2025-2999)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the torch.nn.utils.rnn.unpack_sequence() function. A remote attacker can trick the victim into passing specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
20) Integer overflow (CVE-ID: CVE-2025-55552)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unexpected behavior when the components torch.rot90 and torch.randn_like are used together. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-63396)
The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to the omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization. An authenticated local user with physical access to the system can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.
22) Resource exhaustion (CVE-ID: CVE-2026-23490)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling RELATIVE-OID with excessive continuation octets. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
23) Path traversal (CVE-ID: CVE-2026-24842)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in lib/unpack.js. A remote attacker can send a specially crafted HTTP request and read or overwrite arbitrary files on the system.
24) Creation of temporary file in directory with insecure permissions (CVE-ID: CVE-2025-71176)
The vulnerability allows a local user to gain access to escalate privileges on the system.
The vulnerability exists due to pytest on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern. A local user can cause a denial of service or possibly gain privileges on the system.
25) Path traversal (CVE-ID: CVE-2026-24049)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in wheel unpack. A remote attacker can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files.
26) Resource management error (CVE-ID: CVE-2025-69230)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when reading invalid cookie attributes. A remote attacker can send specially crafted requests to the application and produce a huge amount of log entries, leading to a denial of service condition.
27) Resource exhaustion (CVE-ID: CVE-2025-69228)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the Request.post() method. A remote attacker can send large HTTP payloads to the application to trigger resource exhaustion and perform a denial of service (DoS) attack.
28) Resource exhaustion (CVE-ID: CVE-2025-15284)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the arrayLimit option does not enforce limits for bracket notation (a[]=1&a[]=2). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
29) Deserialization of Untrusted Data (CVE-ID: CVE-2025-68664)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the dumps() and dumpd() functions. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Inefficient regular expression complexity (CVE-ID: CVE-2026-26996)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions within "minimatch" function. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
31) Deserialization of Untrusted Data (CVE-ID: CVE-2025-14920)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the parsing of model files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Deserialization of Untrusted Data (CVE-ID: CVE-2025-14921)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the parsing of model files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Code Injection (CVE-ID: CVE-2025-14926)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the convert_config function. A remote attacker can trick a victim to convert a malicious checkpoint and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Code Injection (CVE-ID: CVE-2025-14927)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the convert_config function. A remote attacker can trick a victim to convert a malicious checkpoint and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Resource exhaustion (CVE-ID: CVE-2025-55551)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and cause a Denial of Service (DoS) when performing a slice operation.
36) Asymmetric Resource Consumption (Amplification) (CVE-ID: CVE-2025-68480)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a moderately sized request can consume a disproportionate amount of CPU time. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
37) Path traversal (CVE-ID: CVE-2026-24486)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when using non-default configuration options "UPLOAD_DIR" and "UPLOAD_KEEP_FILENAME=True". A remote attacker can send a specially crafted HTTP request and write arbitrary files on the system.
38) Race condition (CVE-ID: CVE-2026-23950)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS. A remote attacker can trick the victim into using a specially crafted archive to bypass the library's internal concurrency safeguards and perform Symlink Poisoning attacks.
39) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-67221)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to orjson.dumps function does not limit recursion for deeply nested JSON documents. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
40) Reachable Assertion (CVE-ID: CVE-2021-31294)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Redis allows a replica to cause an assertion failure in a primary server. A remote attacker can send a non-administrative command (specifically, a SET command) to perform a denial of service (DoS) attack.
41) Infinite loop (CVE-ID: CVE-2025-69227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the Request.post() method when optimisations are enabled (-O or PYTHONOPTIMIZE=1). A remote attacker send multiple HTTP POST requests to the server and perform a denial of service attack.
42) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2025-68146)
The vulnerability allows a local user to truncate arbitrary files.
The vulnerability exists due to a race condition when truncating files. A local user can create a symbolic link to a critical file on the system in the time gap between the check and open, causing os.open() to follow the symlink and truncate the target file.
43) Infinite loop (CVE-ID: CVE-2026-2739)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker can сall maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
44) Use of a Cryptographic Primitive with a Risky Implementation (CVE-ID: CVE-2025-14505)
The vulnerability allows a remote attacker to gain access to secret key.
The vulnerability exists due to ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. A remote attacker can under certain conditions derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs
45) Improper Handling of Windows Device Names (CVE-ID: CVE-2026-27199)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the "safe_join" function allows Windows device names as filenames if when preceded by other path segments. A remote attacker can cause reading of the file to hang indefinitely.
46) Buffer overflow (CVE-ID: CVE-2026-24747)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "weights_only" unpickler. A remote attacker can trick a victim to load a malicious checkpoint file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Inefficient regular expression complexity (CVE-ID: CVE-2025-69873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation, when the $data option is enabled. A local user can can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation.
48) Improper Handling of Windows Device Names (CVE-ID: CVE-2026-21860)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or trailing spaces such as CON. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
49) Improper handling of highly compressed data (CVE-ID: CVE-2026-21441)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the application does not properly handle highly compressed data when sending HTTP redirect responses. A remote attacker can multiple large requests to the application, consume all available CPU and memory resources and perform a denial of service attack.
50) Improper handling of highly compressed data (CVE-ID: CVE-2025-69223)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the application does not properly handle highly compressed data within the auto_decompress feature. A remote attacker can send a specially crafted compressed HTTP request to the server and consume all available memory resources.
51) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-69224)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of non-ASCII characters within HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks but requires that a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled.
52) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-69225)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to the application allows non-ASCII decimals to be present in the Range header. A remote attacker can send a specially crafted HTTP request to the server and potentially smuggle arbitrary HTTP headers.
53) Information disclosure (CVE-ID: CVE-2025-69226)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the web.static() function allows detection of existing path components. A remote non-authenticated attacker can brute-force file names on the system.
Remediation
Install update from vendor's website.