Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
IBM DataStage on Cloud Pak for Data allows malicious users to run system commands
CVE-2025-13686
Summary
An attacker with an account can run arbitrary system commands on the server. This is a serious issue because an attacker could potentially use this to gain more access to the system or disrupt its normal function. IBM has not provided a fix yet, but you should consider disabling the affected component or waiting for an update to protect your system.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | datastage_on_cloud_pak_for_data | > 5.1.2 , <= 5.3.1 | – |
Original title
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user ...
Original description
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.
nvd CVSS3.1
8.8
Vulnerability type
CWE-78
OS Command Injection
- https://www.ibm.com/support/pages/node/7262347 Vendor Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026