CVE-2026-9610

Summary

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

Affected Software

VendorProductVersion RangeStatus
IBMDatacap9.1.7 <= 1.8.4affected
IBMDatacap9.1.8affected
IBMDatacap9.1.9affected
IBMDatacap Navigator9.1.7 <= 8.2.1.0affected
IBMDatacap Navigator9.1.8affected
IBMDatacap Navigator9.1.9affected

Weaknesses

  • CWE-425: CWE-425 Direct Request ('Forced Browsing')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References