CVE-2026-1342 - Vulnerability Analysis
HighCVSS: 8.5Last Updated: April 8, 2026
IBM Verify Identity Access & Security Verify Access - Stored XSS
Published: April 8, 2026Updated: April 8, 2026
Overview
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 contain a stored XSS caused by execution of malicious scripts from outside the control sphere, letting locally authenticated users execute scripts.
Severity & Score
Severity: High
CVSS Score: 8.5
Impact
Locally authenticated users can execute malicious scripts, potentially leading to session hijacking or privilege escalation.
Mitigation
Update to the latest available version beyond 11.0.2 for Verify Identity Access and 10.0.9.1 for Security Verify Access.
Related Resources
Details
- CVE ID
- CVE-2026-1342
- Severity
- High
- CVSS Score
- 8.5
- Type
- stored_xss
- Status
- new
CWE
- CWE-829
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L