RCE via Unrestricted Method in IBM ELM 7.0.3-7.2.0 (Admin Only)
CVE-2026-4051 Published on May 26, 2026

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.


Vulnerability Analysis

CVE-2026-4051 can be exploited over the network and requires an authenticated account with high (administrative) privileges. No user interaction is needed, and the attack complexity is considered low. The potential impact of a successful exploit is considered very high.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.


Products Associated with CVE-2026-4051


Affected Versions

IBM Engineering Lifecycle Management: