IBM Verify Access Container 10.0-10.9.1/11.0-11.0.2 Weak Crypto Decrypt Risk
CVE-2026-5926 Published on April 22, 2026
Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Vulnerability Analysis
CVE-2026-5926 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.
Products Associated with CVE-2026-5926
Want to know whenever a new CVE is published for IBM products? stack.watch will email you.
Affected Versions
IBM Verify Identity Access Container:- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.
- Version 11.0, <= 11.0.2 is affected.
- Version 10.0, <= 10.0.9.1 is affected.