PatchSiren cyber security CVE debrief
CVE-2026-4870 IBM CVE debrief
CVE-2026-4870 is a HIGH severity vulnerability in IBM Qiskit SDK versions 0.43.0 through 2.5.0. The vulnerability could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. The CVSS score for this vulnerability is 7.5.
- Vendor: IBM
- Product: Qiskit SDK
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of IBM Qiskit SDK versions 0.43.0 through 2.5.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by uncontrolled recursion in the parser of IBM Qiskit SDK. This could allow an attacker to trigger a segmentation fault leading to a denial of service.
Defensive priority
HIGH
Recommended defensive actions
- Users should update to a version of IBM Qiskit SDK that is not vulnerable.
- Users can refer to [ref-4] for more information on the vulnerability and potential mitigations.
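To find where the update is needed, the added example below (not part of the advisory or of Qiskit) checks pinned requirements and the running environment against the affected range stated on this page, 0.43.0 through 2.5.0. The distribution name `qiskit`, the function names and the sample lines are assumptions made for illustration; "outside stated range" means only that, not a confirmed fix.

```python
import re
from importlib import metadata

# Affected range as stated on this page (inclusive); "qiskit" as the name is assumed.
AFFECTED_MIN, AFFECTED_MAX = (0, 43, 0), (2, 5, 0)
PIN_RE = re.compile(r"^qiskit(?:\[[^\]]*\])?\s*==\s*([^\s;,]+)", re.IGNORECASE)

def release_tuple(version):
    """Release segment as three ints; rc/post suffixes are ignored (errs toward flagging)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])

def is_affected(version):
    return AFFECTED_MIN <= release_tuple(version) <= AFFECTED_MAX

def audit_pins(lines):
    """Return (line, verdict) for each requirement line naming qiskit itself."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not re.match(r"qiskit(?![\w.-])", line, re.IGNORECASE):
            continue  # skips other packages, including qiskit-aer and similar
        m = PIN_RE.match(line)
        if not m:
            verdict = "unpinned: check the resolved version"
        else:
            verdict = "affected" if is_affected(m.group(1)) else "outside stated range"
        findings.append((line, verdict))
    return findings

def installed_verdict(dist="qiskit"):
    """(version, affected) for the running environment, or None if not installed."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample of pip-freeze / requirements lines, not taken from the page.
SAMPLE = ["numpy==1.26.4", "qiskit==1.2.4", "qiskit-aer==0.15.1",
          "Qiskit[visualization]==0.42.1  # legacy env", "qiskit>=1.0"]

if __name__ == "__main__":
    for line, verdict in audit_pins(SAMPLE):
        print(f"{verdict:40} {line}")
    print("installed:", installed_verdict())
```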
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information on this vulnerability.
Official resources
- CVE-2026-4870 CVE record (CVE.org)
- CVE-2026-4870 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-4870 was published on 2026-06-12T21:16:23.963Z and has not been modified since then.