What happened
Multiple vulnerabilities in IBM Verify Identity Access and IBM Security Verify Access could allow attackers to access sensitive information, escalate privileges, execute commands, or disrupt affected systems. The issues affect versions 10.0 through 11.0.2, including related container deployments. Among the flaws are HTTP request smuggling issues tracked as CVE-2026-2862 and CVE-2026-1491, which can let a remote unauthenticated attacker exploit inconsistent reverse proxy handling to expose internal web traffic and bypass security checks. The update also addresses several higher-severity issues, including CVE-2026-1188, a critical buffer overflow flaw; CVE-2026-1346, which can let a locally authenticated user escalate privileges to root in the container; and CVE-2026-1345, an OS command injection vulnerability that can allow unauthenticated command execution.
Who is affected
The direct exposure affects organizations using IBM Verify Identity Access and IBM Security Verify Access versions 10.0 through 11.0.2, including customers running container deployments. The bulletin also makes clear that container users need updated images in addition to standard software fixes.
Why CISOs should care
This matters because the flaws span several high-impact attack paths across core identity and access infrastructure, including sensitive data exposure, root privilege escalation, command execution, authentication bypass under load, and denial of service. It also raises urgency because IBM said there are no official workarounds or mitigations available beyond applying the fixes.
3 practical actions
- Patch affected deployments immediately: Upgrade to IBM Verify Identity Access v11.0.2 IF1 or IBM Security Verify Access v10.0.9.1 IF1 as recommended by IBM.
- Update container environments separately: Pull the latest updated container images if you are running affected container deployments.
- Treat identity infrastructure as a priority remediation zone: Move these fixes to the front of the queue because the disclosed flaws affect systems that sit directly in authentication and access control workflows.
