CVE-2026-9610
Analyzed
Analyzed - Analysis Complete
Unauthorized Access via Unlinked URL in IBM Datacap
Vulnerability report for CVE-2026-9610, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-22
Last updated on: 2026-06-26
Assigner: IBM Corporation
Description
Description
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | datacap | 9.1.7 |
| ibm | datacap_navigator | 9.1.7 |
| ibm | datacap_navigator | 9.1.8 |
| ibm | datacap_navigator | 9.1.9 |
| ibm | datacap | 9.1.8 |
| ibm | datacap | 9.1.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |