cbcvebase.
CVE-2026-3660
published 2026-05-26

CVE-2026-3660: IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.58%
43.3th percentile
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Affected

6 ranges
VendorProductVersion rangeFixed in
ibmengineering_lifecycle_management
ibmengineering_lifecycle_management
ibmengineering_lifecycle_management
ibmengineering_lifecycle_management7.0.3 – Interim Fix 021
ibmengineering_lifecycle_management7.1.0 – Interim Fix 009
ibmengineering_lifecycle_management7.2.0 – Interim Fix 001
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.