Maximo Application Suite Security Bulletins
IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873
Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs
Security bulletin: Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007)
Security bulletin: Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)
Security bulletin: Security Bulletin: There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-13465)
Security bulletin: Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)
Security bulletin: Security Bulletin: There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-30922)
Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-13333)
Security bulletin: Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990
Security bulletin: Security Bulletin: IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007
Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318
Security bulletin: Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465
Security bulletin: Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904
Security bulletin: Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a remote code execution vulnerability and vulnerable to CVE-2025-14914
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses socket.io-parser-4.2.4 in inspections app which is vulnerable to CVE-2026-33151
Security bulletin: Security Bulletin: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a remote code execution vulnerability (CVE-2025-14914)
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses requests-2.32.4-py3-none-any.whl, requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-39892
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz which is vulnerable to CVE-2026-32141
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923
Security bulletin: Security Bulletin: IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses immutable-3.8.2.tgz, immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2026-40175
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539
Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-29371)
Security bulletin: Security Bulletin: There is a vulnerability in dompurify-3.2.4.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-15599, CVE-2026-0540)
Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12635)
Security bulletin: Security Bulletin: There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34073)
Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14914)
Security bulletin: Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)
Security bulletin: Security Bulletin: WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Security bulletin: Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)