IBM Verify Identity Access Container
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Verify Identity Access Container.
By the Year
In 2026 there have been 9 vulnerabilities in IBM Verify Identity Access Container with an average score of 6.6 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 6.61 |
It may take a day or so for new Verify Identity Access Container vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Verify Identity Access Container Security Vulnerabilities
IBM Verify Access Privilege Escalation (Local) 10.0-10.0.9.1/11.0-11.0.2
CVE-2026-1346
9.3 - Critical
- April 08, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to root due to execution with unnecessary privileges than required.
Execution with Unnecessary Privileges
IBM Verify Identity Access/10.0-10.0.9.1 Reverse Proxy Bypass
CVE-2026-1343
7.2 - High
- April 08, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.
SSRF
IBM Verify Identity Access Container <=11.0.2: Local Auth Script Injection
CVE-2026-1342
8.5 - High
- April 07, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Inclusion of Functionality from Untrusted Control Sphere
Open Redirect in IBM Verify Identity Access & Security Verify Access 10-11
CVE-2026-2475
3.1 - Low
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.
Open Redirect
IBM Verify Access Proxy HTTP Interpretation Flaw (v10.0-10.0.9.1, v11.0-11.0.2)
CVE-2026-1491
5.3 - Medium
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
HTTP Request Smuggling
Remote Info Disclosure in IBM Verify Access via Proxy (before 10.0.9.1)
CVE-2026-2862
5.3 - Medium
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
HTTP Request Smuggling
IBM Verify/Verify Access v10-11 exec cmd via input validation
CVE-2026-1345
7.3 - High
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input.
Shell injection
IBM Verify Access/Container before 11.0.3/10.0.9.2 Auth Bypass Under Load
CVE-2026-4101
8.1 - High
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the application.
authentification
IBM Verify Access XSS via JSON MIME type mismatch in 10.0-11.0.2
CVE-2026-4364
5.4 - Medium
- April 01, 2026
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a JSON payload while incorrectly specifying the response Content-Type as text/html. Because the content is delivered with an HTML MIME type, browsers may interpret the JSON data as executable script under certain conditions. This creates an opportunity for JavaScript injection, potentially leading to cross-site scripting (XSS).
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Verify Identity Access Container or by IBM? Click the Watch button to subscribe.
