CVE-2026-5065 HIGH

CVE-2026-5065: IBM Controller is affected by vulnerabilities

Vendor Ibm
Product Controller
Weakness CWE-798 · Hardcoded credentials
Published May 27, 2026
Last update May 29, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Key dates

02Disclosure timeline

May 27, 2026 CVE published
May 29, 2026 Record updated