Remote Code Execution Vulnerability in IBM Verify Identity Access and Security Access
CVE-2026-2862

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Verify Identity Access Container; Security Verify Access Container; Verify Identity Access; Security Verify Access
Vendor: CVE Published:; 1 April 2026

What is CVE-2026-2862?

A vulnerability exists in IBM's Verify Identity Access and Security Access products that could enable a remote attacker to access sensitive information. This flaw arises from the inconsistent interpretation of HTTP requests when handled by a reverse proxy. Due to this inconsistency, attackers might exploit the situation to gain unauthorized access to confidential data, raising serious security concerns for affected environments.

Affected Version(s)

Security Verify Access 10.0 <= 10.0.9.1

Security Verify Access Container 10.0 <= 10.0.9.1

Verify Identity Access 11.0 <= 11.0.2

References

https://www.ibm.com/support/pages/node/7268253

vendor-advisorypatch

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Feb 20, 2026

CVE-2026-2862 Data

JSON