anonhaven
Ad

CVE-2026-1342

HIGH CVSS 3.1: 7.9 EPSS 0.01%
Updated Apr 09, 2026
IBM
Parameter Value
CVSS 7.9 (HIGH)
Affected Versions 10.0.0 — 11.0.2.0
Type CWE-829 (Inclusion of Functionality from Untrusted Source)
Vendor IBM
Public PoC No

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-829 Inclusion of Functionality from Untrusted Source

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Ibm Security_Verify_Access
cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
 10.0.0 <= 10.0.9.1
Ibm Security_Verify_Access_Container
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
 10.0.0.0 <= 10.0.9.1
Ibm Verify_Identity_Access
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
 11.0.0.0 <= 11.0.2.0
Ibm Verify_Identity_Access_Container
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*
 11.0.0.0 <= 11.0.2.0

References 1

https://www.ibm.com/support/pages/node/7268253
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1346

IBM

7.8

CVE-2026-1343

IBM

7.2

CVE-2025-13044

IBM

6.2

CVE-2026-1243

Microsoft

5.4

CVE-2025-66487

IBM

6.5