CVE-2026-1342

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7268253	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_verify_access::::::::
	cpe:2.3:a:ibm:security_verify_access_container::::::::
	cpe:2.3:a:ibm:verify_identity_access::::::::
	cpe:2.3:a:ibm:verify_identity_access_container::::::::

History

09 Apr 2026, 18:29

Type	Values Removed	Values Added
First Time		Ibm security Verify Access Ibm verify Identity Access Container Ibm security Verify Access Container Ibm Ibm verify Identity Access
References	~~() https://www.ibm.com/support/pages/node/7268253 -~~	() https://www.ibm.com/support/pages/node/7268253 - Vendor Advisory
CPE		cpe:2.3:a:ibm:verify_identity_access:::::::: cpe:2.3:a:ibm:verify_identity_access_container:::::::: cpe:2.3:a:ibm:security_verify_access:::::::: cpe:2.3:a:ibm:security_verify_access_container::::::::

08 Apr 2026, 00:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-08 00:16

Updated : 2026-04-09 18:29

NVD link : CVE-2026-1342

Mitre link : CVE-2026-1342

CVE.ORG link : CVE-2026-1342

JSON object : View

Products Affected

ibm

verify_identity_access_container
security_verify_access
security_verify_access_container
verify_identity_access

CWE

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

{"id": "CVE-2026-1342", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 2.0}]}, "published": "2026-04-08T00:16:03.860", "references": [{"url": "https://www.ibm.com/support/pages/node/7268253", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere."}], "lastModified": "2026-04-09T18:29:07.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71B5C3B-4B1F-4330-9260-26B349CAE490", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674B3E72-09DE-48D4-9F07-43152474E8CD", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980521A4-FDCB-4EC4-9871-6CD57DEC14E1", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDCBF44-E483-4248-A39E-CB9226FF4BC9", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}