CVE-2026-4938
Received
Received - Intake
Cross-Site Request Forgery in IBM Verify Identity Access
Vulnerability report for CVE-2026-4938, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: IBM Corporation
Description
Description
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized modifications and deployments outside of their assigned permissions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | verify_identity_access | From 11.0 (inc) to 11.0.2 (inc) |
| ibm | security_verify_access | From 10.0 (inc) to 10.0.9.1 (inc) |
| ibm | verify_identity_access_container | From 11.0 (inc) to 11.0.2 (inc) |
| ibm | security_verify_access_container | From 10.0 (inc) to 10.0.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |