wid-sec-w-2026-0924 · Published 2026-03-30 · View on BSI CERT-Bund ↗

IBM DataPower Gateway: Multiple Vulnerabilities

CVSS 6.5 MEDIUM

Risk Summary

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CVEs (2)

CVE-2025-13466 CVE-2025-36375

Affected Vendors

IBM

Affected Products (8)

IBM · DataPower Gateway <11.0.0.0

IBM · DataPower Gateway 11.0.0.0

IBM · DataPower Gateway <10.6.0.9

IBM · DataPower Gateway 10.6.0.9

IBM · DataPower Gateway <10.6.6.0

IBM · DataPower Gateway 10.6.6.0

IBM · DataPower Gateway <10.5.0.21

IBM · DataPower Gateway 10.5.0.21

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more