CVE-2026-1491
Received
Received - Intake
Inconsistent HTTP Request Handling in IBM Security Verify Enables Data Exposure
Publication date: 2026-04-01
Last updated on: 2026-04-07
Assigner: IBM Corporation
Description
Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | security_verify_access_container | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access_container | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Verify Identity Access Container and IBM Security Verify Access products in certain versions. It allows a remote attacker to access sensitive information because the reverse proxy interprets an HTTP request inconsistently.
How can this vulnerability impact me? :
The vulnerability could allow a remote attacker to gain access to sensitive information without authorization. This could lead to information disclosure, potentially compromising confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70