Vulnerability  ·  2026-07-19

IBM Cognos Analytics Agentic AI Assistant Race Condition Causes Incorrect Report Results

VulnerabilityLow impactGlobalCVE-2026-15995
IBM disclosed a medium-severity (CVSS 5.4) concurrency flaw in Cognos Analytics' Agentic AI assistant that can produce incorrect report summaries or cause processing failures under concurrent load.
While not an intrusion vector, this is a data-integrity issue in an agentic AI feature embedded in a widely used BI platform — incorrect AI-generated report summaries delivered to business users under concurrency could silently mislead downstream decision-making.
A race condition in the Agentic AI assistant's concurrent request-handling logic causes incorrect report summary results or report-processing failures when multiple authenticated users submit concurrent requests to the assistant.
IBM Cognos Analytics 12.1.3 GA through build 12.1.3-2606251736
Apply IBM's fix per the security bulletin (support pages node/7280311).
IBM Security Bulletin — Cognos Analytics Agentic AI Assistant Race Condition
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →