CVE-2026-1726

Summary

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

Affected Software

VendorProductVersion RangeStatus
IBMGuardium Key Lifecycle Manager4.1.0affected
IBMGuardium Key Lifecycle Manager4.1.1affected
IBMGuardium Key Lifecycle Manager4.2.0affected
IBMGuardium Key Lifecycle Manager4.2.1affected
IBMGuardium Key Lifecycle Manager5.0.0affected
IBMGuardium Key Lifecycle Manager5.1.0affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References