IBM Patches Critical Authentication Bypass in Engineering Platform

IBM released an urgent security bulletin for a critical CVE-2026-3660 in IBM Jazz Foundation (CVSS 9.8) where incorrect authorization logic allows unauthenticated remote attackers to modify server property files and bypass authentication; affected IBM Engineering Lifecycle Management versions include 7.0.3 through iFix021, 7.1.0 through iFix009, and 7.2.0 through iFix001, and IBM provides iFix updates (for example iFix022 for 7.0.3) that administrators must install immediately to remediate the issue.