IBM has disclosed a critical vulnerability (CVE-2026-12943) in its Power Hardware Management Console (HMC), rated CVSS 9.8. This vulnerability allows unauthenticated attackers to execute arbitrary OS commands due to improper input validation. Affected versions include HMC V10.3.1050.0 to V10.3.1064.0 and V11.1.1110.0 to V11.1.1112.0, posing significant risks to enterprise networks as the HMC manages critical system functionalities. No active exploitation has been reported as of yet. IBM recommends immediate patching to secure systems against potential attacks.
IBM patches critical HMC flaw letting hackers run system commands
CyberSIXT Evidence Panel
Article by CyberSIXT