CVE-2026-1567

High

Published: 03 March 2026

Published

03 March 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

EPSS Score 0.0001 2.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1567 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Ibm Infosphere Information Server. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 2.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing

addresses: CWE-611

Penetration testing includes XML external entity payloads, detecting XXE vulnerabilities and enabling their mitigation.

SI-4 System Monitoring

addresses: CWE-611

Identifies XML external entity processing via monitoring of unusual file/network access or resource usage.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

XXE enables remote file/data read from the server (T1005) via exploitation of a network-accessible application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.

Deeper analysisAI

CVE-2026-1567 is an XML External Entity (XXE) vulnerability, classified under CWE-611, affecting IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. The flaw resides in the software's handling of XML inputs, enabling attackers to retrieve sensitive information from the server. It carries a CVSS v3.1 base score of 7.1, reflecting network accessibility, low attack complexity, and impacts on confidentiality and availability.

A low-privileged user (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity and no user interaction required (UI:N). Successful exploitation allows limited disclosure of sensitive information (C:L) and high disruption to availability (A:H), while integrity remains unaffected (I:N) in an unchanged scope (S:U).

IBM's security advisory at https://www.ibm.com/support/pages/node/7259630 provides details on mitigation, including available patches for the affected versions. Security practitioners should consult this reference for upgrade instructions and workarounds.

Details

CWE(s): CWE-611

Affected Products

ibm

infosphere information server

11.7 — 11.7.1.6

CVEs Like This One

CVE-2025-12531Same product: Ibm Infosphere Information Server

CVE-2025-0162Same vendor: Ibm

CVE-2024-49352Same vendor: Ibm

CVE-2025-36247Same vendor: Ibm

CVE-2024-56340Same vendor: Ibm

CVE-2024-49781Same vendor: Ibm

CVE-2025-13096Same vendor: Ibm

CVE-2024-41771Same vendor: Ibm

CVE-2025-13616Same vendor: Ibm

CVE-2024-54171Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7259630
Vendor Advisory · psirt@us.ibm.com