CVE-2026-1343

CWE-918Server-Side Request Forgery (SSRF)5 documents5 sources
Severity
7.2HIGH
EPSS
0.0%
top 87.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IBM Security Verify AccessIBM Security Verify Access ContainerIBM Verify Identity Access+1 more
Timeline
PublishedApr 8
Latest updateApr 10

Description

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages8 packages

CVEListV5ibm/security_verify_access_container10.010.0.9.1
CVEListV5ibm/verify_identity_access_container11.011.0.2
NVDibm/security_verify_access_container10.0.0.010.0.9.1
NVDibm/verify_identity_access_container11.0.0.011.0.2.0
CVEListV5ibm/security_verify_access10.010.0.9.1

🔴Vulnerability Details

3
VulDB
IBM Verify Identity Access Container server-side request forgery (CNNVD-202604-1896)2026-04-10
GHSA
GHSA-249q-vrhp-j59w: IBM Verify Identity Access Container 112026-04-08
CVEList
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access2026-04-08

🕵️Threat Intelligence

1
Wiz
CVE-2026-1343 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1343 (HIGH CVSS 7.2) | IBM Verify Identity Access Containe | cvebase.io