{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/api-connect-10.0.8.8/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-9074"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["API Connect (10.0.8.0)","API Connect (10.0.8.1)","API Connect (10.0.8.2)","API Connect (10.0.8.3)","API Connect (10.0.8.4)","API Connect (10.0.8.5)","API Connect (10.0.8.6)","API Connect (10.0.8.7)","API Connect (10.0.8.8)","API Connect (10.0.8.9)","API Connect (12.1.0.0)","API Connect (12.1.0.1)","API Connect (12.1.0.2)","API Connect (12.1.0.3)"],"_cs_severities":["critical"],"_cs_tags":["sql-injection","web-vulnerability","critical-vulnerability","api-management"],"_cs_type":"advisory","_cs_vendors":["IBM"],"content_html":"\u003cp\u003eA critical unauthenticated SQL injection vulnerability, tracked as CVE-2026-9074 (CVSS v3.1 Base Score: 9.1), affects IBM API Connect versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3. This flaw resides within the password reset functionality of the API management platform, allowing a remote attacker to inject malicious SQL queries without requiring any prior authentication. Successful exploitation of this vulnerability could enable an attacker to bypass authentication mechanisms, gain unauthorized access to sensitive database information, or potentially manipulate data, posing a significant risk to the integrity and confidentiality of the affected systems and user accounts. Organizations utilizing the specified vulnerable versions of IBM API Connect are strongly urged to apply the available patches immediately to mitigate this severe risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an exposed IBM API Connect instance running a vulnerable version (10.0.8.0-10.0.8.9 or 12.1.0.0-12.1.0.3).\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the publicly available password reset functionality of the IBM API Connect web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts and submits a specially malformed request to the password reset endpoint, embedding SQL injection payloads within input fields or parameters that are processed by the application's backend database.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes the malicious input without proper sanitization, leading to the execution of the attacker's arbitrary SQL commands within the database.\u003c/li\u003e\n\u003cli\u003eDepending on the crafted payload, the attacker might retrieve sensitive information from the database (e.g., user credentials, API keys) or bypass authentication to gain unauthorized access to user accounts.\u003c/li\u003e\n\u003cli\u003eUpon successful data exfiltration or authentication bypass, the attacker can leverage the compromised credentials or access tokens for further malicious activities within the API Connect environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9074 can lead to severe consequences for organizations. Due to the unauthenticated nature of the vulnerability, any attacker can initiate the exploitation. The primary impacts include unauthorized access to sensitive data stored in the backend database, such as user account details, API configurations, or other critical system information. Attackers could also achieve authentication bypass, gaining full control over administrative or user accounts within the IBM API Connect instance. This could lead to further compromise of managed APIs, data exfiltration, service disruption, or unauthorized modification of system settings, severely compromising the confidentiality and integrity of the API management platform and the services it exposes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-9074 immediately by updating IBM API Connect to a fixed version beyond 10.0.8.9 or 12.1.0.3, as described in the IBM support advisories referenced.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect CVE-2026-9074 Exploitation Attempt - IBM API Connect SQL Injection\u0026quot; to your SIEM and tune for your environment to detect attempts against the password reset functionality.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to password reset endpoints containing common SQL injection patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T16:24:32Z","date_published":"2026-07-08T16:24:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-ibm-api-connect-sqli/","summary":"IBM API Connect versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 are vulnerable to an unauthenticated SQL injection (CVE-2026-9074) in the password reset functionality, potentially leading to unauthorized data access or authentication bypass.","title":"Unauthenticated SQL Injection in IBM API Connect (CVE-2026-9074)","url":"https://feed.craftedsignal.io/briefs/2026-07-ibm-api-connect-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - API Connect (10.0.8.8)","version":"https://jsonfeed.org/version/1.1"}