Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2026-1346
Critical
Low
Medium
High
Critical
9.3
CVSS Score
Vulnerability Description
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
C
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
21 configuration(s) from 1 vendor(s)
security_verify_access
Version:
10.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.1.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.6
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.6:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.1.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*
security_verify_access
Version:
10.0.7.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.5
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.5:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.1
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.1:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.7:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.4.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.7
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.7:*:*:*:*:*:*:*
verify_identity_access
Version:
11.0.0
CPE:
cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.8
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.8:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.3.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.0.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.2.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
security_verify_access
Version:
10.0.9.0
CPE:
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
9.3
out of 10.0
Critical
Weakness Type (CWE)
CWE-250
Execution with Unnecessary Privileges
- Description
- The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- April 08, 2026
