<div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/1066880148/?value=0&amp;label=4oTQCMyJzwQQlJnd_AM&amp;guid=ON&amp;script=0">
Request More Info

«  View All Posts

Maximo Application Suite Security Bulletins March 2026 Blog Feature
Darlene Nerden

By: Darlene Nerden on March 11th, 2026

Print/Save as PDF

Maximo Application Suite Security Bulletins March 2026

Interloc Release Manager | Interloc Solutions | Maximo Implementation | Maximo Integration Framework | maximo implementations | Reliability | maximo transportation | Inspections Work Centers | Maximo Cloud | Information Security | Innovative Solutions | IT Security | IoT Devices | Maximo Integration | offline Maximo mobile

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261597?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses net/http 1.23.4,1.24.2,1.24.3,crypto/x509 1.24.2,1.24.3 which is vulnerable to CVE-2025-4673, CVE-2025-22874 –

https://www.ibm.com/support/pages/node/7261596?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160 –

https://www.ibm.com/support/pages/node/7262077?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7262078?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl, urllib3-2.6.1-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262081?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726 –

https://www.ibm.com/support/pages/node/7262076?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161 –

https://www.ibm.com/support/pages/node/7262083?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-2.6.1-py3-none-any.whl which is vulnerable to CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262082?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284 –

https://www.ibm.com/support/pages/node/7262079?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860 –

https://www.ibm.com/support/pages/node/7262080?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262087?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735 –

https://www.ibm.com/support/pages/node/7262085?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262086?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7262090?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226 –

https://www.ibm.com/support/pages/node/7262093?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7262241?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221 –

https://www.ibm.com/support/pages/node/7262254?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66453) –

https://www.ibm.com/support/pages/node/7262258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551 –

https://www.ibm.com/support/pages/node/7262279?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929 –

https://www.ibm.com/support/pages/node/7262281?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002) –

https://www.ibm.com/support/pages/node/7262392?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21860) –

https://www.ibm.com/support/pages/node/7262393?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441) –

https://www.ibm.com/support/pages/node/7262395?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735) –

https://www.ibm.com/support/pages/node/7262394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

IS Stacked Logo-1

 

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.