Skip to main content

IBM Datacap CVE-2026-9610

| EUVDEUVD-2026-38287 MEDIUM
Direct Request ('Forced Browsing') (CWE-425)
2026-06-22 ibm GHSA-gc5m-j868-gqpq
5.3
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
LOW
qualitative
NVD
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
2.3 LOW

Local attack vector and high privileges required because exploitation needs both host-level access and existing elevated credentials; only limited confidentiality impact applies with no integrity or availability effect.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Severity Changed
Jun 26, 2026 - 21:22 NVD
LOW MEDIUM
CVSS changed
Jun 26, 2026 - 21:22 NVD
2.3 (LOW) 5.3 (MEDIUM)
Analysis Generated
Jun 22, 2026 - 16:07 vuln.today

DescriptionNVD

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

AnalysisAI

Forced browsing exposure in IBM Datacap and IBM Datacap Navigator 9.1.7 through 9.1.9 allows a highly privileged local user to access application resources and functionality not surfaced in the UI by constructing direct URL requests, bypassing the intended UI-driven access control model. The impact is limited to partial confidentiality disclosure (C:L) with no integrity or availability consequence, and no exploitation has been confirmed - no public exploit code exists and this CVE is absent from the CISA KEV catalog. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege local access to Datacap host
Delivery
Identify hidden application URL paths via source review or documentation
Exploit
Craft direct HTTP or file-system request to unlisted endpoint
Execution
Receive application response bypassing UI access control
Impact
Read restricted confidentiality-limited data

Vulnerability AssessmentAI

Exploitation Exploitation requires local system access (AV:L per CVSS vector) and high privileges on the host (PR:H per CVSS vector) - meaning the attacker must already be a highly privileged user on the system running IBM Datacap or Datacap Navigator. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The overall risk profile of this vulnerability is very low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with high-level privileges on the IBM Datacap host - such as an administrator who should not have access to a specific functional area - identifies an unlinked application URL (for example, through source inspection, error messages, or documentation) and navigates directly to it, bypassing the UI-enforced access restriction to retrieve sensitive application data or invoke hidden functionality. No public proof-of-concept code exists for this vulnerability at the time of analysis.
Remediation IBM has released a patch addressing this vulnerability; the exact fixed version should be confirmed at the IBM support advisory located at https://www.ibm.com/support/pages/node/7276609. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-39736 CRITICAL
9.8 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper v

CVE-2026-8636 HIGH
7.5 Jun 22

Sensitive-data disclosure in IBM Datacap and Datacap Navigator (versions 9.1.7, 9.1.8, 9.1.9) lets an attacker recover u

CVE-2024-39731 HIGH
7.5 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that coul

CVE-2024-39732 HIGH
7.5 Jul 14

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that cou

CVE-2026-8059 MEDIUM
6.1 Jun 22

Cross-site scripting in IBM Datacap and Datacap Navigator 9.1.7 through 9.1.9 allows unauthenticated remote attackers to

CVE-2024-39733 MEDIUM
5.5 Jul 14

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores user credentials in plain clear text which can be rea

CVE-2024-39730 MEDIUM
5.4 Jun 28

IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim.

CVE-2025-36027 MEDIUM
5.4 Jun 28

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By pe

CVE-2024-39735 MEDIUM
5.4 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. Rated medium severity

CVE-2024-39728 MEDIUM
5.4 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to stored cross-site scripting. Rated medium s

CVE-2024-39741 MEDIUM
5.3 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the

CVE-2024-39740 MEDIUM
5.3 Jul 15

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could all

Share

CVE-2026-9610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy