IBM Verify Access/Container before 11.0.3/10.0.9.2 Auth Bypass Under Load
CVE-2026-4101 Published on April 1, 2026
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Vulnerability Analysis
CVE-2026-4101 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2026-4101 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2026-4101
Want to know whenever a new CVE is published for IBM products? stack.watch will email you.
Affected Versions
IBM Verify Identity Access Container:- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.
- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.