IBM Identity and Verify Access Vulnerabilities Could Expose Sensitive Data and Enable System Compromise

Related

Hackers Exploit Critical Auth Bypass in Gitea Docker Image

What happened Hackers are actively exploiting a critical authentication bypass...

Zimbra Urges Customers to Patch Critical Web Client XSS Flaw

What happened Zimbra urged customers to patch a critical stored...

Progress Urges ShareFile Customers to Shut Down Servers Over Credible Threat

What happened Progress Software warned ShareFile customers using Storage Zone...

Ubiquiti Discloses 25 Security Flaws Across UniFi Ecosystem

What happened Ubiquiti disclosed 25 security vulnerabilities affecting products across...

AirDrop and Quick Share Flaws Allow Attackers to Crash Nearby Devices

What happened Security researchers disclosed multiple vulnerabilities affecting Apple AirDrop...

Share

What happened

Multiple vulnerabilities in IBM Verify Identity Access and IBM Security Verify Access could allow attackers to access sensitive information, escalate privileges, execute commands, or disrupt affected systems. The issues affect versions 10.0 through 11.0.2, including related container deployments. Among the flaws are HTTP request smuggling issues tracked as CVE-2026-2862 and CVE-2026-1491, which can let a remote unauthenticated attacker exploit inconsistent reverse proxy handling to expose internal web traffic and bypass security checks. The update also addresses several higher-severity issues, including CVE-2026-1188, a critical buffer overflow flaw; CVE-2026-1346, which can let a locally authenticated user escalate privileges to root in the container; and CVE-2026-1345, an OS command injection vulnerability that can allow unauthenticated command execution. 

Who is affected

The direct exposure affects organizations using IBM Verify Identity Access and IBM Security Verify Access versions 10.0 through 11.0.2, including customers running container deployments. The bulletin also makes clear that container users need updated images in addition to standard software fixes. 

Why CISOs should care

This matters because the flaws span several high-impact attack paths across core identity and access infrastructure, including sensitive data exposure, root privilege escalation, command execution, authentication bypass under load, and denial of service. It also raises urgency because IBM said there are no official workarounds or mitigations available beyond applying the fixes. 

3 practical actions

  1. Patch affected deployments immediately: Upgrade to IBM Verify Identity Access v11.0.2 IF1 or IBM Security Verify Access v10.0.9.1 IF1 as recommended by IBM. 
  2. Update container environments separately: Pull the latest updated container images if you are running affected container deployments. 
  3. Treat identity infrastructure as a priority remediation zone: Move these fixes to the front of the queue because the disclosed flaws affect systems that sit directly in authentication and access control workflows. 

For more news about security flaws that can expose sensitive data and compromise enterprise systems, click Vulnerability to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.