IBM UrbanCode Deploy UCD 7.2-8.2 - Sensitive Log File Leakage
CVE-2026-12086 Published on June 30, 2026
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
Vulnerability Analysis
CVE-2026-12086 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2026-12086
stack.watch emails you whenever new vulnerabilities are published in Ucd Ibm Urbancode Deploy or Ucd Ibm Devops Deploy. Just hit a watch button to start following.
Affected Versions
UCD - IBM UrbanCode Deploy:- Version 7.2.0, <= 7.2.3.23 is affected.
- Version 7.3.0, <= 7.3.2.18 is affected.
- Version 8.0, <= 8.0.1.13 is affected.
- Version 8.1.0, <= 8.1.2.6 is affected.
- Version 8.2.0, <= 8.2.1.0 is affected.