Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-13473— IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow

CVSS 8.1 · High

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-13473

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
IBMStorage Protect Client 8.1.0.0 ~ 8.1.27.0, 8.1.27.1 cpe:2.3:a:ibm:storage_protect_client:8.1.0.0:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-13473

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-13473

登录查看更多情报信息。

Other References for CVE-2026-13473 (1)

Same Patch Batch · IBM · 2026-07-17 · 34 CVEs total

CVE-2026-84769.9 CRITICALDisk Cache Deserialization Remote Code Execution Vulnerability
CVE-2026-84819.9 CRITICALRemote Code Execution via Code Validation Endpoint
CVE-2026-86359.9 CRITICALArbitrary Code Execution in Python Interpreter Component
CVE-2026-88599.9 CRITICALPath Traversal in APIRequest Component via Content-Disposition Header
CVE-2026-91359.9 CRITICALPolicies Component Dynamic CodeInput Fields Bypass Custom Component Validation
CVE-2026-134469.8 CRITICALLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-85059.8 CRITICALAuthentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution
CVE-2026-91039.8 CRITICALUnauthenticated Superuser Token Issuance via Auto-Login Endpoint
CVE-2026-91989.8 CRITICALUnauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
CVE-2026-92029.8 CRITICALUnauthenticated User Registration Could Lead to Remote Code Execution
CVE-2026-150919.3 CRITICALMultiple Vulnerabilities in IBM Engineering AI hub.
CVE-2026-144998.8 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-76678.8 HIGHPath Traversal Vulnerability in API Request Component Content-Disposition Header Processin
CVE-2026-80568.8 HIGHParameter Injection Vulnerability in API Graph Execution Engine
CVE-2026-77558.8 HIGHMCP Server Configuration Validator Bypass via File Upload API
CVE-2026-134458.1 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-134488.1 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-97627.8 HIGHIBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc
CVE-2026-77547.7 HIGHSSRF Protection Configuration Vulnerability
CVE-2026-78727.5 HIGHPath Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authenti

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-13473

No comments yet


Leave a comment