SB2026051437 - Multiple vulnerabilities in IBM Watson Discovery Cartridge

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026051437

SB2026051437 - Multiple vulnerabilities in IBM Watson Discovery Cartridge

Published: May 14, 2026

Security Bulletin ID SB2026051437
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 60% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2026-24880)

The vulnerability allows a remote attacker to perform request smuggling.

The vulnerability exists due to improper input validation in HTTP/1.1 chunk extension handling when parsing chunked requests. A remote attacker can send a specially crafted request with an invalid chunk extension to perform request smuggling.

Exploitation requires a reverse proxy in front of Tomcat that allows CRLF sequences in an otherwise valid chunk extension.


2) Open redirect (CVE-ID: CVE-2026-25854)

The vulnerability allows a remote attacker to redirect users to an arbitrary URI.

The vulnerability exists due to improper input validation in LoadBalancerDrainingValve when handling a specially crafted URL while a Tomcat node is in the disabled (draining) state. A remote attacker can send a specially crafted URL to redirect users to an arbitrary URI.

Only clustered deployments using LoadBalancerDrainingValve in the disabled (draining) state are affected.


3) Configuration (CVE-ID: CVE-2026-29129)

The vulnerability allows a remote attacker to cause the server to use TLS cipher suites in an unintended order.

The vulnerability exists due to improper configuration handling in TLS 1.3 cipher suite configuration when negotiating TLS connections. A remote attacker can initiate a TLS connection to cause the server to use TLS cipher suites in an unintended order.


4) Improper Certificate Validation (CVE-ID: CVE-2026-29145)

The vulnerability allows a remote user to bypass certificate revocation checks during authentication.

The vulnerability exists due to improper certificate validation in CLIENT_CERT authentication when processing OCSP checks in some scenarios with soft fail disabled. A remote user can present a certificate in affected scenarios to bypass certificate revocation checks during authentication.

Only some scenarios are affected when soft fail is disabled.


5) Improper input validation (CVE-ID: CVE-2026-32990)

The vulnerability allows a remote attacker to bypass strict SNI checks.

The vulnerability exists due to improper input validation in SNI name and host name validation when processing TLS connections. A remote attacker can use differences in case between the SNI name and host name to bypass strict SNI checks.


Remediation

Install update from vendor's website.

References