CVE-2026-13473 PUBLISHED

IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow

Assigner: ibm
Reserved: 26.06.2026 Published: 17.07.2026 Updated: 17.07.2026

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.1

Product Status

Vendor IBM
Product Storage Protect Client
Versions
  • affected from 8.1.0.0 to 8.1.27.0, 8.1.27.1 (incl.)
  • affected from 8.2.0.0 to 8.2.1.0 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now.

ProductFixing levelPlatformsLink to fix and instructionsIBM Storage Protect Client8.2.1.2Windows https://www.ibm.com/support/pages/node/7267111

Details about the upgrade path to be followed for IBM Storage Protect Backup-Archive Client:

Manual Upgrade:

Current version Upgrade Path8.1.0.0 - 8.1.27.0, 8.1.27.18.1.0.0 to 8.2.1.0 to 8.2.1.28.2.0.0 - 8.2.1.08.2.0.0 to 8.2.1.2

Upgrade via Client Auto Deploy 

8.1.0.0 - 8.1.27.0, 8.1.27.18.1.27.0 to 8.2.0.0 to 8.2.1.2 , 8.1.27.1 to 8.2.0.0 to 8.2.1.28.2.0.08.2.1.2

Credits

  • The vulnerability was reported to IBM by Pétur Eyþórsson and Cristie Nordic. finder

References