CVE-2026-14971 PUBLISHED

This PowerVM Novalink update is being released to address

Assigner: ibm
Reserved: 07.07.2026 Published: 17.07.2026 Updated: 17.07.2026

IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 2.3.02.3.0.12.3.12.3.2 IBM NovaLink APIs misconfiguration may increase attack surface and enable unintended or unauthorized operations under non-default conditions.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 3.9

Product Status

Vendor IBM
Product PowerVM Novalink
Versions
  • Version 2.2.02.2.12.2.1.1 is affected
  • Version 2.3.02.3.0.12.3.12.3.2 is affected

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading based on the table below.

ProductVersionRemediationPowerVM Novalink

2.2.1.1

Update to pvm-novalink-2.2.1.1-260708 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.2.1.1_readme.html

or

Update to pvm-novalink-2.3.3-260714 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.3.3_readme.html

PowerVM Novalink

2.3.3

Update to pvm-novalink-2.3.3-260714 https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.3.3_readme.html

References

Problem Types

  • CWE-16 Configuration CWE