Auth bypass in Tibco Bpm Enterprise

CVE-2026-3207

Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.

Vulnerability class: Broken Authentication

EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.

Affected products

Tibco Bpm Enterprise — versions 4.3

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

community.tibco.com/advisories/tibco-security-advisory-march-17-2026-tibco-bpm-…