CVE-2026-8861

Summary

IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.

Affected Software

VendorProductVersion RangeStatus
IBMVerify Identity Access11.0 <= 11.0.2affected
IBMSecurity Verify Access10.0 <= 10.0.9.1affected
IBMVerify Identity Access Container11.0 <= 11.0.2affected
IBMSecurity Verify Access Container10.0 <= 10.0.9.1affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

References