CVE-2025-36183

Published: Feb 17, 2026Modified: Feb 20, 2026

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.

Affected (1)

Products: Ibm: Watsonx.data

Ibm

1 product

Watsonx.data

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Watsonx.data	From 2.2.0 to 2.2.2

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://www.ibm.com/support/pages/node/7260118

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.