CVE-2026-1726
Modified Modified - Updated After Analysis
Improper Access Control in IBM Guardium Key Lifecycle Manager

Publication date: 2026-04-23

Last updated on: 2026-06-11

Assigner: IBM Corporation

Description
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-23
Last Modified
2026-06-11
Generated
2026-06-16
AI Q&A
2026-04-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1726
EUVD
EUVD-2026-25127
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
ibm guardium_key_lifecycle_manager 4.1.0
ibm guardium_key_lifecycle_manager 4.1.1
ibm guardium_key_lifecycle_manager 4.2.0
ibm guardium_key_lifecycle_manager 4.2.1
ibm guardium_key_lifecycle_manager 5.0.0
ibm guardium_key_lifecycle_manager 5.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1726 is a security vulnerability in IBM Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1.

It is classified under CWE-269: Improper Privilege Management, meaning the vulnerability arises from incorrect handling of user privileges.

This flaw allows an attacker with low privileges to remotely exploit the system over the network without requiring user interaction.

Impact Analysis

The vulnerability impacts the confidentiality and integrity of the system, potentially allowing unauthorized access or modification of sensitive data.

Since it requires only low privileges and no user interaction, an attacker could exploit this remotely, increasing the risk of data breaches or unauthorized changes.

However, it does not affect system availability.

Mitigation Strategies

IBM recommends that customers promptly update their IBM Guardium Key Lifecycle Manager systems to remediate this vulnerability.

The fix is included in the IBM Guardium Key Lifecycle Manager version 5.1.0-ISS-GKLM-FP0001 fix pack, which is available for download via IBM Passport Advantage.

No specific workarounds or mitigations are provided other than applying the fix.

Compliance Impact

The provided information does not specify how CVE-2026-1726 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1726. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart