CVE-2026-5065 PUBLISHED

IBM Controller is affected by vulnerabilities

Assigner: ibm
Reserved: 27.03.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Controller
Versions	affected from 11.0.1 to 26.0.0.5 (incl.) Version 11.1.0 is affected Version 11.1.1 is affected Version 11.1.2 is affected

Solutions

It is strongly recommended that you apply the most recent security updates:

Affected Product(s)Version(s)FixIBM Controller11.0.1 - 11.1.2 https://www.ibm.com/mysupport.

References

https://www.ibm.com/support/pages/node/7273004

Problem Types

CWE-798 Use of Hard-coded Credentials CWE