Bypass Business Logic Vulnerability in IBM Guardium Data Protection
CVE-2026-1274

4.9MEDIUM

Key Information:

Vendor: IBM
Status: Guardium Data Protection
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-1274?

IBM Guardium Data Protection versions 12.0, 12.1, and 12.2 are susceptible to a bypass business logic vulnerability within the access management control panel. This vulnerability could allow unauthorized access to sensitive functionalities, potentially compromising data security. It is critical for users to apply the latest patches provided by IBM to mitigate the risks associated with this vulnerability.

Affected Version(s)

Guardium Data Protection 12.0 <= 9.6.0

Guardium Data Protection 12.1

Guardium Data Protection 12.2

References

https://www.ibm.com/support/pages/node/7269445

vendor-advisorypatch

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Jan 20, 2026

CVE-2026-1274 Data

JSON