CVE-2026-1713
Awaiting Analysis
Awaiting Analysis - Queue
Improper Access Control in IBM MQ Allows Privilege Escalation
Vulnerability report for CVE-2026-1713, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-03
Last updated on: 2026-03-05
Assigner: IBM Corporation
Description
Description
IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | mq | From 9.3.0.0 (inc) to 9.4.5.0 (exc) |
| ibm | mq | From 9.1.0.0 (inc) to 9.1.0.34 (exc) |
| ibm | mq | From 9.2.0.0 (inc) to 9.2.0.41 (exc) |
| ibm | mq | From 9.3.0.0 (inc) to 9.3.0.37 (exc) |
| ibm | mq | From 9.4.0.0 (inc) to 9.4.0.20 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |