{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1726","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-01-30T22:03:35.181Z","datePublished":"2026-04-22T23:42:05.901Z","dateUpdated":"2026-06-11T13:46:57.418Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-06-11T13:46:57.418Z"},"title":"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"Guardium Key Lifecycle Manager","versions":[{"status":"affected","version":"4.1.0","versionType":"semver"},{"status":"affected","version":"4.1.1","versionType":"semver"},{"status":"affected","version":"4.2.0","versionType":"semver"},{"status":"affected","version":"4.2.1","versionType":"semver"},{"status":"affected","version":"5.0.0","versionType":"semver"},{"status":"affected","version":"5.1.0","versionType":"semver"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1&nbsp;<span>enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify&nbsp;</span><span>system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust&nbsp;</span><span>in the application's security mechanisms.</span></p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7268697","tags":["vendor-advisory","patch"]}],"solutions":[{"lang":"en","value":"IBM encourages customers to update their systems promptly. \n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\n\n1. Download IBM Guardium Key Lifecycle Manager  https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><strong>IBM encourages customers to update their systems promptly. </strong></p><div><div><table><tbody><tr><td><strong>Principal Product and Version(s)</strong></td><td><strong>Remediation/Fixes</strong></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1</td><td><p>1. Download IBM Guardium Key Lifecycle Manager <a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\">(GKLM) v5.1</a> (the product is available for download through<a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"> IBM Passport Advantage)</a></p><p>2. Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></p></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.0</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.1</td><td>Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></td></tr></tbody></table></div></div><p>Download instruction - <a href=\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\" rel=\"nofollow\">https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions</a></p><p></p><p></p><p></p>"}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.8,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-04-24T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-1726"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-25T03:55:44.611Z"}}]}}