Skip to main content

IBM CVE-2026-1276

| EUVDEUVD-2026-13041 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-19 ibm
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 19, 2026 - 02:30 euvd
EUVD-2026-13041
Analysis Generated
Mar 19, 2026 - 02:30 vuln.today
Patch released
Mar 19, 2026 - 02:30 nvd
Patch available
CVE Published
Mar 19, 2026 - 01:55 nvd
MEDIUM 5.4

DescriptionCVE.org

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code. An attacker with valid credentials can exploit this vulnerability to alter UI functionality and potentially steal session credentials or perform actions on behalf of the victim user within their trusted session. A patch is available from the vendor, though no public exploitation toolkit or widespread active exploitation has been reported at the time of this analysis.

Technical ContextAI

This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), which represents a failure in input sanitization or output encoding in web applications. The affected product is IBM QRadar SIEM (cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*), a security information and event management platform that provides centralized threat detection and compliance monitoring. The XSS flaw exists within QRadar's Web UI rendering engine, where user-supplied input is not adequately escaped or sanitized before being rendered as HTML/JavaScript in the browser context. This allows an authenticated attacker to inject malicious script payloads that execute with the privileges of the victim's authenticated session, bypassing same-origin policy restrictions through the stored or reflected XSS vector.

RemediationAI

Immediately apply the vendor-supplied patch available from IBM Support at https://www.ibm.com/support/pages/node/7266709. For QRadar SIEM 7.5.0 installations, apply Update Package 15 or later once released and tested in a non-production environment. Organizations unable to patch immediately should implement compensating controls including: (1) restrict Web UI access to trusted internal networks or VPNs via firewall rules, (2) enforce Content Security Policy (CSP) headers at the reverse proxy layer to restrict inline script execution, (3) monitor Web UI access logs for suspicious JavaScript payloads in query parameters and request bodies, and (4) conduct security awareness training emphasizing avoidance of clicking suspicious links within QRadar Web UI. Prioritize patching within 30 days given the authentication requirement and the sensitive nature of credential exposure in a SIEM platform.

Share

CVE-2026-1276 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy