CVE-2026-1346
Privilege Escalation in IBM Verify and Security Access Containers
Publication date: 2026-04-08
Last updated on: 2026-04-09
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access_container | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access_container | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access | From 10.0.0 (inc) to 10.0.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Verify Identity Access Container and IBM Security Verify Access products in certain versions. It allows a locally authenticated user to escalate their privileges to root because the software executes with more privileges than necessary.
How can this vulnerability impact me? :
The vulnerability can allow an attacker who already has local access to the system to gain root-level privileges. This means they could take full control of the affected system, potentially leading to unauthorized access, data manipulation, or disruption of services.