CVE-2026-1342
Script Injection Vulnerability in IBM Verify Identity Access Container
Publication date: 2026-04-08
Last updated on: 2026-04-09
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access_container | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access_container | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access | From 10.0.0 (inc) to 10.0.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Verify Identity Access Container versions 11.0 through 11.0.2 and IBM Security Verify Access Container versions 10.0 through 10.0.9.1, as well as IBM Verify Identity Access and IBM Security Verify Access in the same version ranges. It allows a locally authenticated user to execute malicious scripts from outside of their control sphere.
How can this vulnerability impact me? :
The vulnerability can have a significant impact as it allows a locally authenticated user to execute malicious scripts, potentially leading to unauthorized actions. According to the CVSS v3.1 score of 8.5, it has high impact on confidentiality, low impact on integrity, and low impact on availability, indicating that sensitive information could be exposed or compromised.