CVE-2026-1346

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7268253	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_verify_access::::::::
	cpe:2.3:a:ibm:security_verify_access_container::::::::
	cpe:2.3:a:ibm:verify_identity_access::::::::
	cpe:2.3:a:ibm:verify_identity_access_container::::::::

History

09 Apr 2026, 18:28

Type	Values Removed	Values Added
First Time		Ibm security Verify Access Ibm verify Identity Access Container Ibm security Verify Access Container Ibm Ibm verify Identity Access
References	~~() https://www.ibm.com/support/pages/node/7268253 -~~	() https://www.ibm.com/support/pages/node/7268253 - Vendor Advisory
CPE		cpe:2.3:a:ibm:verify_identity_access:::::::: cpe:2.3:a:ibm:verify_identity_access_container:::::::: cpe:2.3:a:ibm:security_verify_access:::::::: cpe:2.3:a:ibm:security_verify_access_container::::::::

08 Apr 2026, 01:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-08 01:16

Updated : 2026-04-09 18:28

NVD link : CVE-2026-1346

Mitre link : CVE-2026-1346

CVE.ORG link : CVE-2026-1346

JSON object : View

Products Affected

ibm

verify_identity_access_container
security_verify_access
security_verify_access_container
verify_identity_access

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2026-1346", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-04-08T01:16:40.750", "references": [{"url": "https://www.ibm.com/support/pages/node/7268253", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required."}], "lastModified": "2026-04-09T18:28:36.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71B5C3B-4B1F-4330-9260-26B349CAE490", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674B3E72-09DE-48D4-9F07-43152474E8CD", "versionEndIncluding": "10.0.9.1", "versionStartIncluding": "10.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980521A4-FDCB-4EC4-9871-6CD57DEC14E1", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDCBF44-E483-4248-A39E-CB9226FF4BC9", "versionEndIncluding": "11.0.2.0", "versionStartIncluding": "11.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}