CVE-2025-36183 LOW

CVE-2025-36183: Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

Vendor Ibm
Product watsonx.data
Weakness CWE-434 · Unrestricted file upload
Published February 17, 2026
Last update February 18, 2026

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.

Key dates

02Disclosure timeline

February 17, 2026 CVE published
February 18, 2026 Record updated