CVE Catalog

CVE-2026-1726

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

IBM Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users.

Risk Assessment

This issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

Recommendation

It is recommended to update to the latest version of IBM Guardium Key Lifecycle Manager and implement additional security measures to restrict access to administrative operations.

Original NVD description (English source)

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS