CVE-2026-8636
Undergoing Analysis Undergoing Analysis - In Progress
IBM Datacap Password and Key Exposure Vulnerability

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: IBM Corporation

Description
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-22
AI Q&A
2026-06-22
EPSS Evaluated
N/A
NVD
CVE-2026-8636
EUVD
EUVD-2026-38283
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
ibm datacap 9.1.7
ibm datacap 9.1.8
ibm datacap 9.1.9
ibm datacap_navigator 9.1.7
ibm datacap_navigator 9.1.8
ibm datacap_navigator 9.1.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-316 The product stores sensitive information in cleartext in memory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, which can be used to decrypt passwords, gain unauthorized access to the application, and access sensitive data stored in the database.

Such unauthorized access to sensitive data could lead to violations of data protection regulations and standards such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access and breaches.

Therefore, exploitation of this vulnerability may result in non-compliance with these regulations due to potential data breaches and inadequate protection of sensitive information.

Executive Summary

This vulnerability affects IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9, as well as IBM Datacap Navigator versions 9.1.7, 9.1.8, and 9.1.9. It allows an attacker to retrieve user passwords and cryptographic keys directly from memory.

With these keys, the attacker can decrypt passwords, gain unauthorized access to the application, and access sensitive data stored in the database.

Impact Analysis

The vulnerability can lead to unauthorized access to the IBM Datacap application by allowing attackers to obtain user passwords and cryptographic keys.

This unauthorized access can result in exposure of sensitive data stored in the database, potentially leading to data breaches and loss of confidentiality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8636. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart