CVE-2026-1726
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
IBM Guardium Key Lifecycle Manager versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users.
Risk Assessment
This issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.
Recommendation
It is recommended to update to the latest version of IBM Guardium Key Lifecycle Manager and implement additional security measures to restrict access to administrative operations.
Original NVD description (English source)
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

