Description

IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read access on the underlying server file system.

INFO

Published Date :

2026-03-03T19:38:30.609Z

Last Modified :

2026-03-04T21:11:13.359Z

Source :

ibm
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2606 vulnerability.

Vendors Products
Ibm
  • Webmethods Api Gateway
  • Webmethods Api Gateway On Prem
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2606.

URL Resource
https://www.ibm.com/support/pages/node/7261122 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact