IBM Datacap 9.1.7-9.1.9 Access Control Bypass via Direct URL
CVE-2026-9610 Published on June 22, 2026
Multiple Vulnerabilities in IBM Datacap
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.
Vulnerability Analysis
CVE-2026-9610 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is a forced browsing Vulnerability?
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path.
CVE-2026-9610 has been classified to as a forced browsing vulnerability or weakness.
Products Associated with CVE-2026-9610
stack.watch emails you whenever new vulnerabilities are published in IBM Datacap or IBM Datacap Navigator. Just hit a watch button to start following.
Affected Versions
IBM Datacap:- Version 9.1.7, <= 1.8.4 is affected.
- Version 9.1.8 is affected.
- Version 9.1.9 is affected.
- Version 9.1.7, <= 8.2.1.0 is affected.
- Version 9.1.8 is affected.
- Version 9.1.9 is affected.