IBM MQ Operator
cpe:2.3:a:ibm:mq_operator:*:*:*:*:*:*:*
- >= 3.2.0, <= 3.2.21
- 3.3.0
- 3.4.0
- 3.4.1
- 3.5.0
- >= 3.5.1, <= 3.5.3
- >= 3.6.0, <= 3.6.4
- >= 3.7.0, <= 3.7.2
- 3.8.0
- 3.8.1
- >= 2.0.0, <= 2.0.29
A vulnerability exists in IBM MQ Operator versions 3.2.0 to 3.8.1 and in IBM-supplied MQ Advanced container images across several affected releases. The issue arises because log messages are not properly sanitized before being written to log files. This flaw could enable an unauthorized user to inject malicious data into MQ log entries, potentially causing log manipulation, misleading log information, or issues with downstream log processing.
Exploitation of this vulnerability could lead to unauthorized log injection, allowing for log manipulation or the introduction of misleading log entries that could disrupt normal log processing activities.
Users can upgrade to IBM MQ Operator version 3.9.0 or 3.2.22, both of which include the patched IBM MQ Advanced 9.4.5.0-r1 container image. Alternatively, IBM MQ Container version 9.4.5.0-r1 is available.