CVE-2026-1491

Published Apr 1, 2026

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-1491 is an HTTP request smuggling vulnerability impacting IBM Verify Identity Access and IBM Security Verify Access products. This flaw arises from an inconsistent interpretation of HTTP requests by a reverse proxy. Specifically, this inconsistency can enable a remote attacker to access sensitive information. The vulnerability affects IBM Verify Identity Access Container versions 11.0 through 11.0.2, IBM Security Verify Access Container versions 10.0 through 10.0.9.1, and IBM Verify Identity Access versions 11.0 through 11.0.2, as well as IBM Security Verify Access versions 10.0 through 10.0.9.1.

Description: IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
Source: psirt@us.ibm.com
NVD status: Analyzed
Products: security_verify_access, security_verify_access_container, verify_identity_access, verify_identity_access_container

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@us.ibm.com: CWE-444

Hype score: Not currently trending

IBM Identity and Verify Accessで複数の脆弱性が修正。CVE-2026-2862及びCVE-2026-1491はCVSSスコア5.3のHTTPリクエストスマグリングで、内部ウェブトラフィック露出の可能性。重大(Critical)なバッファオーバーフローCVE-2026-1188
@__kokumoto
8 Apr 2026
711 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "11212874-804C-42B2-AF5F-116F5C367237",
            "versionEndIncluding": "10.0.9.1",
            "versionStartIncluding": "10.0.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_verify_access_container:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "674B3E72-09DE-48D4-9F07-43152474E8CD",
            "versionEndIncluding": "10.0.9.1",
            "versionStartIncluding": "10.0.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "980521A4-FDCB-4EC4-9871-6CD57DEC14E1",
            "versionEndIncluding": "11.0.2.0",
            "versionStartIncluding": "11.0.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:verify_identity_access_container:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3FDCBF44-E483-4248-A39E-CB9226FF4BC9",
            "versionEndIncluding": "11.0.2.0",
            "versionStartIncluding": "11.0.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.