IBM Engineering Lifecycle Management versions 7.0.3 (up to Interim Fix 021), 7.1.0 (up to Interim Fix 009), and 7.2.0 (up to Interim Fix 001) contain a vulnerability identified as CVE-2026-4051. This vulnerability arises from an exposed method or function that lacks proper access restrictions, enabling an attacker with administrative privileges to execute remote code on the affected system. The CVSS v3.1 base score is 7.2, reflecting high severity with network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability is classified under CWE-749 (Exposed Dangerous Method or Function). No patch or official remediation level has been disclosed by IBM as of the publication date.

An attacker with administrative privileges on the affected IBM Engineering Lifecycle Management installations could exploit this vulnerability to execute arbitrary remote code. This could lead to full compromise of the affected system, impacting confidentiality, integrity, and availability. However, exploitation requires administrative privileges, which limits the attack surface to already privileged users. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the IBM vendor advisory for current remediation guidance. Since no official patch or remediation level has been published, organizations should monitor IBM's security advisories for updates. Until a fix is available, restrict administrative access to trusted personnel only and apply principle of least privilege to limit exposure.