CVE-2026-5926
Received
Received - Intake
Weak Cryptography in IBM Verify Access Risks Data Decryption
Vulnerability report for CVE-2026-5926, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-23
Last updated on: 2026-04-23
Assigner: IBM Corporation
Description
Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access_container | From 11.0 (inc) to 11.0.2 (inc) |
| ibm | security_verify_access_container | From 10.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access | From 11.0 (inc) to 11.0.2 (inc) |
| ibm | security_verify_access | From 10.0 (inc) to 10.0.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |