CVE-2026-5926
Received - Intake
Weak Cryptography in IBM Verify Access Risks Data Decryption

Publication date: 2026-04-23

Last updated on: 2026-04-23

Assigner: IBM Corporation

Description
IBM Verify Identity Access Container 11.0 through 11.0.2, IBM Security Verify Access Container 10.0 through 10.0.9.1, IBM Verify Identity Access 11.0 through 11.0.2, and IBM Security Verify Access 10.0 through 10.0.9.1 use weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Meta Information
Published: 2026-04-23
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2026-04-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs
Vendor  Product                           Version / Range
ibm     verify_identity_access_container  From 11.0 (inc) to 11.0.2 (inc)
ibm     security_verify_access_container  From 10.0 (inc) to 10.0.9.1 (inc)
ibm     verify_identity_access            From 11.0 (inc) to 11.0.2 (inc)
ibm     security_verify_access            From 10.0 (inc) to 10.0.9.1 (inc)
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves IBM Verify Identity Access and IBM Security Verify Access products using weaker-than-expected cryptographic algorithms.

Because of these weak cryptographic algorithms, an attacker could potentially decrypt highly sensitive information that should otherwise be protected.

The affected versions include IBM Verify Identity Access Container 11.0 through 11.0.2, IBM Security Verify Access Container 10.0 through 10.0.9.1, IBM Verify Identity Access 11.0 through 11.0.2, and IBM Security Verify Access 10.0 through 10.0.9.1.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability involves the use of weaker-than-expected cryptographic algorithms that could allow attackers to decrypt highly sensitive information. This exposure of sensitive data could potentially impact compliance with standards and regulations such as GDPR and HIPAA, which require strong protection of personal and sensitive information.

However, the provided information does not explicitly discuss the direct effects on compliance with these or other common standards and regulations.


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to decrypt highly sensitive information, potentially exposing confidential data.

The CVSS score of 6.5 indicates a medium severity with a high impact on confidentiality, meaning that while the attack requires low privileges and no user interaction, the confidentiality of data is significantly at risk.

There is no impact on integrity or availability, so the vulnerability does not allow attackers to alter data or disrupt services.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection methods or commands provided in the available information to identify this vulnerability on your network or system.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to update the affected IBM products to the fixed versions provided by IBM.

  • Update IBM Verify Identity Access to version 11.0.2 Interim Fix 1 (IF1).
  • Update IBM Security Verify Access to version 10.0.9.1 Interim Fix 1 (IF1).

No other workarounds or mitigations are provided aside from applying these updates.

