IBM Verify and IBM Security Verify Access: Unrestricted Access to Internal Authentication Endpoints

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

IBM Verify and IBM Security Verify Access: Unrestricted Access to Internal Authentication Endpoints

CVE-2026-1343

Summary

Certain IBM Verify and IBM Security Verify Access versions allow an attacker to bypass security restrictions and access internal authentication endpoints, which could lead to unauthorized access to sensitive information. This could happen if an attacker is able to exploit this issue, which means it's essential to update to the latest version to prevent this from happening. We recommend upgrading to the latest patch or version to maintain the security of your system.

Original title

Original description

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

nvd CVSS3.1 7.2

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://www.ibm.com/support/pages/node/7268253

Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026