Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.
Published: 2026-04-08
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A local authenticated user of IBM Verify Identity Access or IBM Security Verify Access can raise privileges to root because the system runs components with higher privileges than required. This violates least privilege (CWE-250) and allows an attacker to modify configuration, install persistence, and take full control of the host, compromising confidentiality, integrity and availability.

Affected Systems

Installations of IBM Verify Identity Access 11.0, 11.0.1, 11.0.2 and its container image, as well as IBM Security Verify Access 10.0, 10.0.1…10.0.9.1 and its container image are affected. All customers deploying these products in either on‑premise or container environments are at risk.

Risk and Exploitability

The vulnerability scores 9.3 on CVSS v3.1, indicating critical severity, while the EPSS score is below 1% and it is not listed in the CISA KEV catalog. Exploitation requires local authentication and knowledge of the product. An attacker would need physical or remote access that permits a local login. The absence of a remote attack vector reduces spread but does not eliminate risk in environments where local access is compromised.

Generated by OpenCVE AI on April 9, 2026 at 19:52 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly. Appliance:  Affected Products and Versions Fix availability IBM Verify Identity Access 11.0 - 11.0.2 Download IBM Verify Identity Access v11.0.2 IF1 https://www.ibm.com/support/fixcentral/quickorder IBM Security Verify Access 10.0 - 10.0.9.1 Download IBM Security Verify Access v10.0.9.1 IF1 https://www.ibm.com/support/fixcentral/quickorder Container: Container Download https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers

OpenCVE Recommended Actions

  • Apply IBM Verify Identity Access v11.0.2 IF1 and IBM Security Verify Access v10.0.9.1 IF1 updates from IBM Support Fix Central.
  • For container deployments, download and replace the affected container images with the patched versions from IBM’s documentation.
  • Verify that services restart with reduced privilege configuration after patching.
  • If patching cannot be applied immediately, limit local authentication to trusted users and monitor for anomalous activity.

Generated by OpenCVE AI on April 9, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
Description IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.
Title Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
First Time appeared Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
Weaknesses CWE-250
CPEs cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm security Verify Access
Ibm security Verify Access Container
Ibm verify Identity Access
Ibm verify Identity Access Container
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Ibm Security Verify Access Security Verify Access Container Verify Identity Access Verify Identity Access Container
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-04-09T03:55:59.148Z

Reserved: 2026-01-22T16:31:45.579Z

Link: CVE-2026-1346

cve-icon Vulnrichment

Updated: 2026-04-08T15:07:58.757Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T01:16:40.750

Modified: 2026-04-09T18:28:36.327

Link: CVE-2026-1346

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:41:05Z

Weaknesses