SB2026040930 - Multiple vulnerabilities in IBM watsonx.data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026040930

SB2026040930 - Multiple vulnerabilities in IBM watsonx.data

Published: April 9, 2026

Security Bulletin ID SB2026040930
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Protection Mechanism Failure (CVE-ID: CVE-2025-50181)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries. A remote attacker can force the library to follow redirects even if explicitly disabled with PoolManager.


2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-66418)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing limits on the number of links in the decompression chain when handling gzip or zstd data in the server response. A malicious server can send a response with a large amount of links and cause high CPU load, leading to a denial of service condition. 


3) Resource exhaustion (CVE-ID: CVE-2025-66471)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the streaming API does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References