CVE-2026-7253 PUBLISHED

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway

Assigner: ibm
Reserved: 27.04.2026 Published: 22.06.2026 Updated: 22.06.2026

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	IBM Watson Speech Services Cartridge
Versions	Default: unaffected affected from 4.0.0 to 5.3.1 (incl.)

Solutions

Product(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.4 The fix in v5.4 applies to all versions listed (4.0.0-5.3.1). The newest version, 5.4 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data

Product(s)Version(s)Remediation/Fix/InstructionsIBM Watson Speech Services Cartridge5.3.1 Patch 7 The fix in 5.3.1 Patch 7 applies to all versions listed (4.0.0-5.3.1). The newest version of 5.3.1 with the included Patch 7 can be downloaded and installed from: https://www.ibm.com/docs/en/cloud-paks/cp-data/5.3.x

References

https://www.ibm.com/support/pages/node/7276994

Problem Types

CWE-918 Server-Side request forgery (SSRF) CWE