DoS and malware attacks possible on IBM App Connect Enterprise

Multiple software vulnerabilities threaten systems with IBM App Connect Enterprise or WebSphere Service Registry and Repository Studio.

(Image: AFANASEV IVAN/Shutterstock.com)

Feb 8, 2026 at 11:00 pm CET

2 min. read

Security

By

Dennis Schirrmacher

Systems with IBM App Connect Operator and App Connect Enterprise Certified Containers Operands or WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio are vulnerable and attacks may be imminent. Updated versions resolve various security issues.

IBM App Connect Enterprise

For example, attackers can attack instances with specific Uniform Resource Identifier (URI) requests and provoke extreme CPU load in the context of Node.js. This causes systems to become unresponsive (CVE-2026-0621 "high"). Because IBM App Connect Enterprise Certified Container processes untrusted data in the Python module azure-core, authenticated attackers can execute malicious code over a network (CVE-2026-21226 "high").

The remaining vulnerabilities are classified as "medium" threat level. In these cases, attackers can modify configurations, for example (CVE-2025-13491).

To protect systems from possible attacks, administrators must install App Connect Enterprise Certified Container Operator 12.20.0. Additionally, they must ensure that at least version 13.0.6.1-r1 is installed for DesignerAuthoring, IntegrationServer, and IntegrationRuntime.

IBM WebSphere

Videos by heise

The vulnerability affects the Eclipse OMR component (CVE-2026-1188 "medium"). At this point, attackers can trigger a memory error, which usually leads to crashes. However, malicious code often also gets onto systems through this. The developers assure that the security problem has been resolved in V8.5.6.3_IJ56659.

IBM details further information on the vulnerabilities in several security advisories: