CVE-2026-15995: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in IBM Cognos Analytics
IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an attacker to obtain incorrect report summary results or cause report-processing failures due to a race condition in the Agentic AI assistant's concurrent request-handling logic when multiple authenticated users submit report-related tasks simultaneously.
AI Analysis
Technical Summary
This vulnerability is a CWE-362 race condition in IBM Cognos Analytics 12.1.3 GA (builds through 12.1.3-2606251736). The flaw occurs in the Agentic AI assistant's handling of concurrent report-related requests from multiple authenticated users, leading to improper synchronization. This can result in incorrect report summaries or failures during report processing. The CVSS 3.1 base score is 5.4 (medium), reflecting low confidentiality and integrity impacts and no availability impact. No vendor advisory or patch information is currently available.
Potential Impact
An attacker with authenticated access can exploit this race condition to cause incorrect report summary results or disrupt report processing. The impact is limited to data integrity and correctness of reports, with no direct availability or confidentiality compromise indicated.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider limiting concurrent report submissions by multiple users or applying any recommended workarounds from IBM once available.
CVE-2026-15995: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in IBM Cognos Analytics
Description
IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an attacker to obtain incorrect report summary results or cause report-processing failures due to a race condition in the Agentic AI assistant's concurrent request-handling logic when multiple authenticated users submit report-related tasks simultaneously.
CVSS v3.1
Score 5.4medium
Affected software
cpe:2.3:a:ibm:cognos_analytics:12.1.3:*:*:*:*:*:*:*cpe:2.3:a:ibm:cognos_analytics:12.1.3-2606251736:*:*:*:*:*:*:*Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is a CWE-362 race condition in IBM Cognos Analytics 12.1.3 GA (builds through 12.1.3-2606251736). The flaw occurs in the Agentic AI assistant's handling of concurrent report-related requests from multiple authenticated users, leading to improper synchronization. This can result in incorrect report summaries or failures during report processing. The CVSS 3.1 base score is 5.4 (medium), reflecting low confidentiality and integrity impacts and no availability impact. No vendor advisory or patch information is currently available.
Potential Impact
An attacker with authenticated access can exploit this race condition to cause incorrect report summary results or disrupt report processing. The impact is limited to data integrity and correctness of reports, with no direct availability or confidentiality compromise indicated.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider limiting concurrent report submissions by multiple users or applying any recommended workarounds from IBM once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- ibm
- Date Reserved
- 2026-07-16T21:12:15.436Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a5b5eae2d1edb114c7fb30a
Added to database: 07/18/2026, 11:08:30 UTC
Last enriched: 07/18/2026, 11:52:23 UTC
Last updated: 07/18/2026, 13:34:55 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.