wid-sec-w-2026-1007 · Published 2026-04-07 · View on BSI CERT-Bund ↗

IBM App Connect Enterprise: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

CVEs (43)

CVE-2025-14550 CVE-2025-14831 CVE-2025-15281 CVE-2025-15366 CVE-2025-15367 CVE-2025-15599 CVE-2025-55130 CVE-2025-55131 CVE-2025-55132 CVE-2025-59465 CVE-2025-59466 CVE-2025-68470 CVE-2025-9820 CVE-2026-0540 CVE-2026-0861 CVE-2026-0915 CVE-2026-0980 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1299 CVE-2026-1312 CVE-2026-1530 CVE-2026-1531 CVE-2026-1961 CVE-2026-21637 CVE-2026-22029 CVE-2026-23490 CVE-2026-2436 CVE-2026-25518 CVE-2026-27137 CVE-2026-27138 CVE-2026-27959 CVE-2026-29063 CVE-2026-29087 CVE-2026-30922 CVE-2026-3632 CVE-2026-3633 CVE-2026-3634 CVE-2026-3731 CVE-2026-4271 CVE-2026-4324 CVE-2026-5119

Affected Vendors

IBM

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more