Is IBM affected by EUVD-2026-19998?

CVE-2026-1343 is a Server-Side Request Forgery vulnerability affecting IBM Verify Identity Access and Security Verify Access versions 10.0-11.0.2 that allows unauthenticated attackers to bypass the Reverse Proxy and contact internal authentication endpoints, risking unauthorized access to…

EUVD-2026-19998

| CVE-2026-1343 HIGH

2026-04-08 ibm

GHSA-249q-vrhp-j59w

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Apr 08, 2026 - 01:00 euvd

EUVD-2026-19998

Analysis Generated

Apr 08, 2026 - 01:00 vuln.today

Patch Released

Apr 08, 2026 - 01:00 nvd

Patch available

CVE Published

Apr 08, 2026 - 00:10 nvd

HIGH 7.2

Description

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are protected by the Reverse Proxy.

Analysis

Server-Side Request Forgery (SSRF) in IBM Verify Identity Access and Security Verify Access products (versions 10.0-11.0.2) allows unauthenticated remote attackers to contact internal authentication endpoints that should be protected by the Reverse Proxy component. This bypass enables attackers to interact with restricted internal services, potentially leading to unauthorized information disclosure and limited integrity impact. …

Remediation

Within 24 hours: Inventory all IBM Verify Identity Access and Security Verify Access deployments and identify instances running versions 10.0-11.0.2; isolate affected systems from untrusted networks if feasible. Within 7 days: Apply vendor-released patches to all affected systems; verify patch deployment and test in non-production environment first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

EUVD-2026-19998 vulnerability details – vuln.today

Back

EUVD-2026-19998

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19998

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code