CVE-2026-4101
Authentication Bypass in IBM Verify and Security Access Containers
Publication date: 2026-04-01
Last updated on: 2026-04-07
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
| ibm | security_verify_access | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | security_verify_access_container | From 10.0.0.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access_container | From 11.0.0.0 (inc) to 11.0.2.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Verify Identity Access Container versions 11.0 through 11.0.2 and IBM Security Verify Access Container versions 10.0 through 10.0.9.1, as well as IBM Verify Identity Access and IBM Security Verify Access in the same version ranges. Under certain load conditions, an attacker could exploit this issue to bypass authentication mechanisms.
By bypassing authentication, the attacker can gain unauthorized access to the affected application.
How can this vulnerability impact me?
The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.
This unauthorized access can lead to a complete compromise of the system's confidentiality, integrity, and availability, as indicated by the high CVSS score (8.1), which rates the impact on all three as high.