IBM Datacap & Navigator 9.1.7-9.1.9: Credential Leak (CVE-2026-8636)
CVE-2026-8636 Published on June 22, 2026

Multiple Vulnerabilities in IBM Datacap
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys to decrypt password, gain access to the application and access sensitive data in the database.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-8636 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Cleartext Storage of Sensitive Information in Memory

The application stores sensitive information in cleartext in memory.

Products Associated with CVE-2026-8636

stack.watch emails you whenever new vulnerabilities are published in IBM Datacap or IBM Datacap Navigator. Just hit a watch button to start following.

IBM Datacap

IBM Datacap Navigator

Affected Versions

IBM Datacap:

Version 9.1.7, <= 1.8.4 is affected.
Version 9.1.8 is affected.
Version 9.1.9 is affected.

IBM Datacap Navigator:

Version 9.1.7, <= 8.2.1.0 is affected.
Version 9.1.8 is affected.
Version 9.1.9 is affected.

IBM Datacap & Navigator 9.1.7-9.1.9: Credential Leak (CVE-2026-8636)CVE-2026-8636 Published on June 22, 2026

Vulnerability Analysis

Weakness Type

Cleartext Storage of Sensitive Information in Memory

Products Associated with CVE-2026-8636

Affected Versions

IBM Datacap & Navigator 9.1.7-9.1.9: Credential Leak (CVE-2026-8636)
CVE-2026-8636 Published on June 22, 2026