CVE-2026-12628— Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-12628
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | Storage Protect Client | 8.1.0.0 ~ 8.2.1.0 | cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:* | |
| IBM | Storage Protect Snapshot For Windows | 8.1.0.0 ~ 8.2.1.0 | cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:8.1.0.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-12628
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-12628
请登录查看更多情报信息。
Other References for CVE-2026-12628 (1)
Same Patch Batch · IBM · 2026-06-22 · 21 CVEs total
| CVE-2026-10561 | 10.0 CRITICAL | Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Inj |
| CVE-2026-7664 | 9.8 CRITICAL | Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS |
| CVE-2026-9072 | 8.1 HIGH | WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and |
| CVE-2026-9071 | 7.5 HIGH | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by |
| CVE-2026-8858 | 7.5 HIGH | WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and |
| CVE-2026-9006 | 7.4 HIGH | IBM WebSphere Application Server is affected by server-side request forgery |
| CVE-2026-8646 | 7.4 HIGH | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by |
| CVE-2024-54178 | 6.5 MEDIUM | Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud |
| CVE-2024-51454 | 6.5 MEDIUM | IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vuln |
| CVE-2026-8059 | 6.1 MEDIUM | Multiple Vulnerabilities in IBM Datacap |
| CVE-2025-2669 | 6.0 MEDIUM | Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud |
| CVE-2026-9320 | 5.9 MEDIUM | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by |
| CVE-2026-10852 | 5.9 MEDIUM | Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Applicati |
| CVE-2026-8636 | 5.5 MEDIUM | Multiple Vulnerabilities in IBM Datacap |
| CVE-2026-11372 | 5.4 MEDIUM | IBM TRIRIGA Cross-Site Scripting Vulnerability |
| CVE-2025-33128 | 5.4 MEDIUM | IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vuln |
| CVE-2023-33854 | 5.3 MEDIUM | Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud |
| CVE-2026-7253 | 5.3 MEDIUM | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) i |
| CVE-2026-9610 | 2.3 LOW | Multiple Vulnerabilities in IBM Datacap |
| CVE-2026-10845 | IBM WebSphere Application Server is affected by an authentication bypass vulnerability |
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-10852
Websphere Application Server is Affected By a Denial of Serv - CVE-2026-7253
IBM Watson Speech Services Cartridge is vulnerable to Server - CVE-2026-9320
IBM WebSphere Application Server and WebSphere Application S - CVE-2026-9071
IBM WebSphere Application Server and WebSphere Application S - CVE-2026-9006
IBM WebSphere Application Server is affected by server-side
Same weakness: CWE-798
- CVE-2026-56269
Flowise - Weak Default Token Hash Secret in JWT Token Encryp - CVE-2026-56265
Crawl4AI - Authentication Bypass via Hardcoded JWT Signing K - CVE-2026-47846
Bitnami Cassandra默认超级用户漏洞 - CVE-2026-47847
Bitnami MariaDB Galera 硬编码凭证漏洞 - CVE-2025-10560
Hardcoded cloud credentials in Worksnaps client application
V. Comments for CVE-2026-12628
No comments yet