{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1491","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-01-27T14:29:01.426Z","datePublished":"2026-04-01T20:44:24.310Z","dateUpdated":"2026-04-08T00:18:04.049Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-04-08T00:18:04.049Z"},"title":"Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-444","description":"CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"Verify Identity Access Container","versions":[{"status":"affected","version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"Security Verify Access Container","versions":[{"status":"affected","version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"Verify Identity Access","versions":[{"status":"affected","version":"11.0","lessThanOrEqual":"11.0.2","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"Security Verify Access","versions":[{"status":"affected","version":"10.0","lessThanOrEqual":"10.0.9.1","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.</p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7268253","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}],"solutions":[{"lang":"en","value":"IBM encourages customers to update their systems promptly.Appliance: Affected Products and VersionsFix availabilityIBM Verify Identity Access 11.0 - 11.0.2Download IBM Verify Identity Access v11.0.2 IF1IBM Security Verify Access 10.0 - 10.0.9.1Download IBM Security Verify Access v10.0.9.1 IF1Container:Container Download","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><strong>IBM encourages customers to update their systems promptly.</strong></p><p></p><p><strong>Appliance: </strong></p><div><table><thead><tr><td><p><strong>Affected Products and Versions</strong></p></td><td><p><strong>Fix availability</strong></p></td></tr><tr><td><p>IBM Verify Identity Access 11.0 - 11.0.2</p></td><td><p><a href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access&amp;fixids=11.0.2.0-ISS-IVIA-IF0001&amp;source=SAR\" rel=\"nofollow\">Download IBM Verify Identity Access v11.0.2 IF1</a></p></td></tr><tr><td><p>IBM Security Verify Access 10.0 - 10.0.9.1</p></td><td><p><a href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access&amp;fixids=10.0.9.1-ISS-ISVA-IF0001&amp;source=SAR\" rel=\"nofollow\">Download IBM Security Verify Access v10.0.9.1 IF1</a></p></td></tr></thead></table></div><p></p><p><strong>Container:</strong></p><p><a href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\">Container Download</a></p>"}]}],"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-1491","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-04-03T13:45:26.430568Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-03T13:56:05.184Z"}}]}}