Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Details
CVSS v3
5.4
NVD published
2025-09-22 21:15:59
EPSS
<0.1% probability · 1.1th percentile — 2026-03-16
Affected versions
Not available in our cache.
Summary
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.