CVE-2026-40087
PUBLISHED
CVSS 5.3 MEDIUM
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.
EPSS 0.05% · 17.4th percentile
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.05%
17.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Sterling | |
| PyPI | langchain-core | 0, 1.0.0a1 |
| IBM | AIX | |
| IBM | VIOS | |
| langchain-ai | langchain | >= 1.0.0a1, < 1.2.28, * |
| IBM | QRadar | |
Timeline
- Apr 8, 2026 CVE Published
- Apr 10, 2026 CVE Updated
- Apr 10, 2026 Security Advisory
- Apr 11, 2026 EPSS Score
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw url
- https://github.com/langchain-ai/langchain/pull/36612 url
- https://github.com/langchain-ai/langchain/pull/36613 url
- https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b url
- https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258 url
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84 url
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28 url
- https://github.com/langchain-ai/langchain package
- https://www.ibm.com/support/pages/node/7271707 advisory
- https://www.ibm.com/support/pages/node/7271922 advisory
- https://www.ibm.com/support/pages/node/7271681 advisory
- https://www.ibm.com/support/pages/node/7271765 advisory