Skip to main content

IBM Guardium Key Lifecycle Manager CVE-2026-1726

| EUVDEUVD-2026-25127 MEDIUM
Improper Privilege Management (CWE-269)
2026-04-23 psirt@us.ibm.com GHSA-26px-prvq-fgpx
4.8
CVSS 3.1 · Vendor: us
Share

Severity by source

Vendor (us) PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (us) · only source for this CVE.

CVSS VectorVendor: us

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 23, 2026 - 13:22 vuln.today
CVSS changed
Apr 23, 2026 - 13:22 NVD
4.8 (MEDIUM)
EUVD ID Assigned
Apr 23, 2026 - 00:22 euvd
EUVD-2026-25127
Analysis Generated
Apr 23, 2026 - 00:22 vuln.today
CVE Published
Apr 23, 2026 - 00:16 nvd
MEDIUM 4.8

DescriptionCVE.org

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1

AnalysisAI

Improper privilege management in IBM Guardium Key Lifecycle Manager versions 4.1 through 5.1 allows remote unauthenticated attackers to achieve limited confidentiality and integrity compromise through a network attack requiring high complexity. The vulnerability stems from inadequate access control enforcement that permits elevation of privileges without authentication, affecting a widely deployed enterprise key management solution.

Technical ContextAI

IBM Guardium Key Lifecycle Manager is an enterprise solution for managing cryptographic key lifecycles across hybrid cloud environments. The vulnerability is rooted in CWE-269 (Improper Access Control), indicating that the application fails to properly enforce authorization checks on sensitive operations. The network-accessible attack vector (AV:N) combined with high complexity (AC:H) suggests the exploit requires specific conditions or manipulation of the system state that are not trivially achievable, though the mechanism does not require prior authentication (PR:N). The affected product handles sensitive key material, making even limited confidentiality and integrity impact significant in cryptographic contexts.

RemediationAI

Apply the latest IBM Guardium Key Lifecycle Manager patch version that addresses CVE-2026-1726; users should consult the IBM security advisory at https://www.ibm.com/support/pages/node/7268697 for specific fix version numbers for their current release track. Until patching is possible, implement network segmentation to restrict unauthenticated access to Guardium Key Lifecycle Manager administrative interfaces, ensuring only authorized systems can communicate with the product on affected network ports. Disable unnecessary administrative features or interfaces if not required for operational key lifecycle management. Monitor authentication logs and failed access attempts for suspicious patterns indicative of exploitation attempts. Given the high complexity requirement (AC:H), the vulnerability may be difficult to exploit in production environments, allowing time for planned patching cycles rather than emergency mitigation.

Share

CVE-2026-1726 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy