SB2026052107 - IBM WebSphere Automation update for Apache Kafka



Published: May 21, 2026

Security Bulletin ID: SB2026052107
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2026-35554)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the Apache Kafka Java producer client's buffer pool management, which can cause messages to be silently delivered to incorrect topics. A remote attacker can exploit the race to gain unauthorized access to sensitive information and escalate privileges on the system.


Remediation

Install the update from the vendor's website.