CVE-2026-1726
CVE-2026-1726 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Guardium Key Lifecycle Manager | 4.1.0 |
| IBM | Guardium Key Lifecycle Manager | 4.1.1 |
| IBM | Guardium Key Lifecycle Manager | 4.2.0 |
| IBM | Guardium Key Lifecycle Manager | 4.2.1 |
| IBM | Guardium Key Lifecycle Manager | 5.0.0 |
| IBM | Guardium Key Lifecycle Manager | 5.1.0 |
References
- https://www.ibm.com/support/pages/node/7268697 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
