CVE-2026-1726 (GCVE-0-2026-1726)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:42 – Updated: 2026-06-11 13:46
VLAI
Title
Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
Summary
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7268697 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Guardium Key Lifecycle Manager |
Affected:
4.1.0
(semver)
Affected: 4.1.1 (semver) Affected: 4.2.0 (semver) Affected: 4.2.1 (semver) Affected: 5.0.0 (semver) Affected: 5.1.0 (semver) cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-1726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T03:55:44.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Guardium Key Lifecycle Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.1.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.2.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u0026nbsp;\u003cspan\u003eenables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u0026nbsp;\u003c/span\u003e\u003cspan\u003esystem configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u0026nbsp;\u003c/span\u003e\u003cspan\u003ein the application\u0027s security mechanisms.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u00a0enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u00a0system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u00a0in the application\u0027s security mechanisms."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T13:46:57.418Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7268697"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003ePrincipal Product and Version(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fixes\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1\u003c/td\u003e\u003ctd\u003e\u003cp\u003e1. Download IBM Guardium Key Lifecycle Manager\u00a0\u003ca href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"\u003e(GKLM) v5.1\u003c/a\u003e (the product is available for download through\u003ca href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"\u003e IBM Passport Advantage)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e2. Apply \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\" rel=\"nofollow\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.1\u003c/td\u003e\u003ctd\u003eApply \u003ca href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\" rel=\"nofollow\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eDownload instruction -\u00a0\u003ca href=\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\u00a0\n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\n\n1. Download IBM Guardium Key Lifecycle Manager\u00a0 https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-1726",
"datePublished": "2026-04-22T23:42:05.901Z",
"dateReserved": "2026-01-30T22:03:35.181Z",
"dateUpdated": "2026-06-11T13:46:57.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-1726",
"date": "2026-06-16",
"epss": "0.00194",
"percentile": "0.09197"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-1726\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-04-23T00:16:44.920\",\"lastModified\":\"2026-06-11T14:16:26.853\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u00a0enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u00a0system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u00a0in the application\u0027s security mechanisms.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796C9A46-DCFE-466D-87FB-F913F77137A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29E1BF84-3EB5-47F2-A49B-A6519F8439AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"164E9640-8B3B-4530-B87F-FCAA42D92163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B08592-B603-42F5-9E64-6ABBDAA55045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F154D82B-C124-439C-870D-8956686461B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD71532-C852-4E47-BA23-1DA5388E95E0\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7268697\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1726\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-23T12:57:21.810623Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-23T12:57:14.651Z\"}}], \"cna\": {\"title\": \"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Guardium Key Lifecycle Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.1.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.2.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.2.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.1.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM encourages customers to update their systems promptly.\\u00a0\\n\\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\\n\\n1. Download IBM Guardium Key Lifecycle Manager\\u00a0 https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003ePrincipal Product and Version(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRemediation/Fixes\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1\u003c/td\u003e\u003ctd\u003e\u003cp\u003e1. Download IBM Guardium Key Lifecycle Manager\\u00a0\u003ca href=\\\"https://www.ibm.com/software/passportadvantage/pao-customer\\\" rel=\\\"nofollow\\\"\u003e(GKLM) v5.1\u003c/a\u003e (the product is available for download through\u003ca href=\\\"https://www.ibm.com/software/passportadvantage/pao-customer\\\" rel=\\\"nofollow\\\"\u003e IBM Passport Advantage)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e2. Apply \u003ca href=\\\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\\\" rel=\\\"nofollow\\\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.1.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v4.2.1\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.0\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Guardium Key Lifecycle Manager (GKLM) v5.1\u003c/td\u003e\u003ctd\u003eApply \u003ca href=\\\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager\u0026amp;fixids=5.1.0-ISS-GKLM-FP0001\u0026amp;source=SAR\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\\\" rel=\\\"nofollow\\\"\u003e5.1.0-ISS-GKLM-FP0001\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eDownload instruction -\\u00a0\u003ca href=\\\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\\\" rel=\\\"nofollow\\\"\u003ehttps://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7268697\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\\u00a0enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\\u00a0system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\\u00a0in the application\u0027s security mechanisms.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u0026nbsp;\u003cspan\u003eenables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u0026nbsp;\u003c/span\u003e\u003cspan\u003esystem configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u0026nbsp;\u003c/span\u003e\u003cspan\u003ein the application\u0027s security mechanisms.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-06-11T13:46:57.418Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-1726\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T13:46:57.418Z\", \"dateReserved\": \"2026-01-30T22:03:35.181Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-04-22T23:42:05.901Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…