What is CVE-2026-3676?

CVE-2026-3676 is a medium-severity vulnerability in Ibm Cloud Apm, Advanced Private, classified under Improper Validation of Specified Quantity in Input. CVSS score: 6.5/10. Published 2026-05-27.

How severe is CVE-2026-3676?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Cloud Apm, Advanced Private

CVE-2026-3676

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of…

EPSS: 0.001 (17.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Ibm Cloud Apm, Advanced Private — versions 8.1.4
Ibm Cloud Apm, Base Private — versions 8.1.4
Ibm Cloud_application_performance_managemen — versions 8.1.4

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

References

psirt@us.ibm.com (vendor-advisory, patch, Vendor Advisory)

Frequently asked questions

What is CVE-2026-3676?: CVE-2026-3676 is a medium-severity vulnerability in Ibm Cloud Apm, Advanced Private, classified under Improper Validation of Specified Quantity in Input. CVSS score: 6.5/10. Published 2026-05-27.
How severe is CVE-2026-3676?: Medium severity. CVSS v3 base score is 6.5 out of 10.