Open Redirect Vulnerability in IBM Verify Identity Access and Security Verify Access
CVE-2026-2475

3.1LOW

Key Information:

Vendor: IBM
Status: Verify Identity Access Container; Security Verify Access Container; Verify Identity Access; Security Verify Access
Vendor: CVE Published:; 1 April 2026

What is CVE-2026-2475?

IBM Verify Identity Access and IBM Security Verify Access are susceptible to an open redirect vulnerability that could allow remote attackers to carry out phishing attacks. By sending a specially crafted request, an attacker can redirect users to malicious websites, potentially leading to unauthorized access or data compromise. This vulnerability affects specific versions of the product containers, making it essential for users to apply the necessary patches to safeguard their systems.

Affected Version(s)

Security Verify Access 10.0 <= 10.0.9.1

Security Verify Access Container 10.0 <= 10.0.9.1

Verify Identity Access 11.0 <= 11.0.2

References

https://www.ibm.com/support/pages/node/7268253

vendor-advisorypatch

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Feb 13, 2026

CVE-2026-2475 Data

JSON