Sensitive Credential Exposure in IBM Guardium Data Protection
CVE-2026-8405

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Guardium Data Protection
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8405?

The Long Term Retention (LTR) feature of IBM Guardium Data Protection versions 12.2.1 and 12.2.2 has a vulnerability that can inadvertently expose sensitive credentials when the feature is enabled in debug mode. This situation arises when the debug mode is active, leading to a potential risk of unauthorized access to confidential information. Users are urged to assess their security configurations and apply the relevant updates to ensure protection against this exposure.

Affected Version(s)

Guardium Data Protection 12.2.1 <= 4.4.7 Fix Pack 1

Guardium Data Protection 12.2.2

References

https://www.ibm.com/support/pages/node/7273657

vendor-advisorypatch

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 12, 2026

CVE-2026-8405 Data

JSON