Remote Info Disclosure in IBM Verify Access via Proxy (before 10.0.9.1)
CVE-2026-2862 Published on April 1, 2026
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Vulnerability Analysis
CVE-2026-2862 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2026-2862 has been classified to as a HTTP Request Smuggling vulnerability or weakness.
Products Associated with CVE-2026-2862
Want to know whenever a new CVE is published for IBM products? stack.watch will email you.
Affected Versions
IBM Verify Identity Access Container:- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.
- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.