NVD HIGH: CVE-2025-36126 — IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 1...

Tuesday, May 26, 2026 at 05:16 PM UTC·Source: NIST NVD

Updated: Monday, June 1, 2026 at 06:01 PM UTC

Executive Summary

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2025-36126

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 26, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Trump Signs Voluntary AI Cyber Review Order

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trump-signs-voluntary-ai-cyber-review-order-image_small-6-a-31833.jpg" align=right hspace=4><b>White House Cuts Proposed AI Review Period From 90 Days to 30</b><br>President Trump signed an executive order creating a voluntary framework for evaluating advanced AI systems with significant cybersecurity capabilities, directing NSA,

11m agoBank Info Security

MEDIUMVulnerabilityNEW

White House unveils pared-back AI executive order

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”

28m agoThe Record

MEDIUMVulnerabilityNEW

EBA and NYDFS ink stablecoin MoU

The European Banking Authority (EBA) has signed a Memorandum of Understanding (MoU) with the New York State Department of Financial Services (NYDFS) under the Markets in Crypto-Assets Regulation (MiCA).

51m agoFinextra