CVE-2026-8636
Analyzed Analyzed - Analysis Complete

IBM Datacap Password and Key Exposure Vulnerability

Vulnerability report for CVE-2026-8636, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-06-26

Assigner: IBM Corporation

Description

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-06-26
Generated
2026-07-13
AI Q&A
2026-06-22
EPSS Evaluated
2026-07-11
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
ibm datacap 9.1.7
ibm datacap_navigator 9.1.7
ibm datacap_navigator 9.1.8
ibm datacap_navigator 9.1.9
ibm datacap 9.1.8
ibm datacap 9.1.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-316 The product stores sensitive information in cleartext in memory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects IBM Datacap versions 9.1.7, 9.1.8, and 9.1.9, as well as IBM Datacap Navigator versions 9.1.7, 9.1.8, and 9.1.9. It allows an attacker to retrieve user passwords and cryptographic keys directly from memory.

With these keys, the attacker can decrypt passwords, gain unauthorized access to the application, and access sensitive data stored in the database.

Impact Analysis

The vulnerability can lead to unauthorized access to the IBM Datacap application by allowing attackers to obtain user passwords and cryptographic keys.

This unauthorized access can result in exposure of sensitive data stored in the database, potentially leading to data breaches and loss of confidentiality.

Compliance Impact

This vulnerability allows an attacker to retrieve user passwords and cryptographic keys from memory, which can be used to decrypt passwords, gain unauthorized access to the application, and access sensitive data stored in the database.

Such unauthorized access to sensitive data could lead to violations of data protection regulations and standards such as GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access and breaches.

Therefore, exploitation of this vulnerability may result in non-compliance with these regulations due to potential data breaches and inadequate protection of sensitive information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8636. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart