CVE-2026-1726
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Guardium Key Lifecycle Manager | 4.1.0 | affected |
| IBM | Guardium Key Lifecycle Manager | 4.1.1 | affected |
| IBM | Guardium Key Lifecycle Manager | 4.2.0 | affected |
| IBM | Guardium Key Lifecycle Manager | 4.2.1 | affected |
| IBM | Guardium Key Lifecycle Manager | 5.0.0 | affected |
| IBM | Guardium Key Lifecycle Manager | 5.1.0 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.