CVE-2026-4101
Published: 01 April 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-4101 is an authentication bypass vulnerability affecting IBM Verify Identity Access Container versions 11.0 through 11.0.2, IBM Security Verify Access Container versions 10.0 through 10.0.9.1, IBM Verify Identity Access versions 11.0 through 11.0.2, and IBM Security Verify Access versions 10.0 through 10.0.9.1. Under certain load conditions, an attacker can bypass authentication mechanisms to gain unauthorized access to the application. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-287 (Improper Authentication).
A remote attacker requires no privileges or user interaction to exploit this issue over the network, though it demands high attack complexity and specific load conditions on the affected system. Successful exploitation allows the attacker to bypass authentication entirely, achieving unauthorized access to the application with high impacts on confidentiality, integrity, and availability.
IBM has issued a security advisory with details on the vulnerability and mitigation steps, available at https://www.ibm.com/support/pages/node/7268253.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote attackers to bypass authentication in public-facing IBM Security Verify Access applications under specific conditions, directly facilitating T1190: Exploit Public-Facing Application.