What is CVE-2025-36326?

CVE-2025-36326 is a low-severity vulnerability in Ibm Cognos Controller, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.7/10. Published 2025-09-26.

How severe is CVE-2025-36326?

Low severity. CVSS v3 base score is 3.7 out of 10.

Is CVE-2025-36326 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Cognos Controller

CVE-2025-36326

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.

EPSS: 0.000 (8.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ibm Cognos Controller — versions 11.0.0
Ibm Controller — versions 11.1.0

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.ibm.com/support/pages/node/7246015 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36326?: CVE-2025-36326 is a low-severity vulnerability in Ibm Cognos Controller, classified under Use of Hard-coded Cryptographic Key. CVSS score: 3.7/10. Published 2025-09-26.
How severe is CVE-2025-36326?: Low severity. CVSS v3 base score is 3.7 out of 10.
Is CVE-2025-36326 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.