CVE-2026-13449
Last modified
CVE-2026-13449 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Business Automation Manager | >= 9.0.0, < 9.5.0 |
References
- https://www.ibm.com/support/pages/node/7278532Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-13449?
How severe is CVE-2026-13449?
How do I fix CVE-2026-13449?
Related CVEs from 2026
- CVE-2026-13430The Post Export Import with Media plugin for WordPress is vu…7.2
- CVE-2026-13434A flaw was found in KubeVirt's network annotation generator.…4.9
- CVE-2026-13437Insertion of sensitive information into sent data in the AI …6.5
- CVE-2026-1344Tanium addressed an insecure file permissions vulnerability …5.5
- CVE-2026-13441The EventPrime – Events Calendar, Bookings and Tickets plugi…7.2
- CVE-2026-13443The Tutor LMS – eLearning and online course solution plugin …6.4
- CVE-2026-1345IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.3
- CVE-2026-13450The GamiPress – Gamification plugin to reward points, achiev…5.3
- CVE-2026-13454The MotoPress Appointment Booking plugin for WordPress is vu…6.5
- CVE-2026-13455PostgreSQL Anonymizer contains a vulnerability that allows u…4.3
- CVE-2026-13459The JetFormBuilder — Dynamic Blocks Form Builder plugin for …5.3
- CVE-2026-1346IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.8
Are you affected by CVE-2026-13449?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
