CVE-2026-3144
IBM · API Connect
IBM API Connect versions 12.1.0.0 through 12.1.0.2 are susceptible to a vulnerability involving the use of default credentials, potentially allowing unauthorized access.
Executive summary
A critical security vulnerability in IBM API Connect 12 allows unauthorized access due to the use of default credentials, posing a significant risk to API management infrastructure.
Vulnerability
This issue (CWE-1392) involves the use of default credentials within the application. An unauthenticated attacker could potentially leverage these known credentials to gain administrative or unauthorized access to the affected API management system.
Business impact
The presence of default credentials creates an immediate pathway for attackers to compromise the integrity and confidentiality of the API gateway. Given the CVSS score of 8.1, the impact includes potential unauthorized control over managed APIs, exposure of sensitive backend services, and a total loss of trust in the API management layer.
Remediation
Immediate Action: Update IBM API Connect to version 12.1.0.3 or higher and ensure all default passwords are changed immediately upon installation.
Proactive Monitoring: Audit all user accounts and access logs for signs of unauthorized login attempts using common or default naming conventions.
Compensating Controls: Restrict network access to the API Connect management console to trusted IP addresses and implement multi-factor authentication where possible.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Security teams must treat this vulnerability with high priority, as default credentials are a primary target for automated scanning and exploitation. Update to the patched version immediately and perform a full audit of all administrative accounts.