Platform: ibm
Component: verify-identity-access
Fixed in: 11.0.3, 10.0.10
CVE-2026-1343 is a reverse proxy bypass vulnerability affecting IBM Verify Identity Access. This flaw allows attackers to circumvent the intended security layer and directly access internal authentication endpoints, potentially leading to unauthorized access and compromise of user credentials. The vulnerability impacts versions 10.0 through 11.0.2. A fix is available from IBM.
Successful exploitation of CVE-2026-1343 allows an attacker to bypass the reverse proxy protecting IBM Verify Identity Access's internal authentication services. This direct access enables attackers to potentially craft malicious requests, impersonate legitimate users, and gain unauthorized access to sensitive data, including user credentials and session tokens. The blast radius extends to any system relying on IBM Verify Identity Access for authentication, potentially impacting a wide range of applications and services. While no direct data exfiltration is explicitly mentioned, the ability to authenticate as a user opens the door to further exploitation and data compromise.
CVE-2026-1343 was publicly disclosed on 2026-04-08. There is no indication of active exploitation or KEV listing at the time of writing. Public proof-of-concept (PoC) code is not currently available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on IBM Verify Identity Access for single sign-on (SSO) and multi-factor authentication (MFA) are at significant risk. Environments with weak network segmentation or inadequate WAF configurations are particularly vulnerable. Shared hosting environments utilizing IBM Verify Identity Access should be assessed for potential cross-tenant impact.
• ibm: Examine access logs for requests bypassing the reverse proxy, specifically targeting internal authentication endpoints. Look for unusual patterns or requests originating from unexpected sources.
• generic web: Use curl to probe for direct access to internal authentication endpoints. For example, curl <internalauthendpoint>.
• generic web: Review response headers for signs of internal server exposure, such as revealing internal IP addresses or server names.
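The first check above (look in the backend access logs for requests that reached internal authentication endpoints without passing through the reverse proxy) can be turned into a small triage script. The following is an added example written for this page, not code from IBM or from the advisory: it parses combined-format access log lines, normalizes the request path so that dot-segment tricks such as /app/../internal-auth/ are not missed, and flags any hit on an internal authentication path whose source address is not one of the known reverse proxies. The log lines, the path prefix /internal-auth/ and the proxy network 10.0.1.0/24 are all constructed placeholders; replace them with your own backend log, the real internal endpoint paths and the addresses of your proxies.

```python
"""Flag backend requests to internal authentication endpoints that did not
arrive via the reverse proxy.  Added example; all paths, addresses and log
lines below are constructed placeholders, not values from the advisory."""
import ipaddress
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: only these networks host the legitimate reverse proxies.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]
# Assumption: internal authentication endpoints live under this prefix.
INTERNAL_AUTH_PREFIXES = ("/internal-auth/",)

# Combined log format: src ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)


@dataclass
class Finding:
    src: str
    path: str
    status: int
    ts: str
    ua: str


def parse_line(line: str):
    """Return the parsed fields of one access log line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_path(raw: str) -> str:
    """Drop the query string and collapse dot segments so that
    /app/../internal-auth/x is recognised as /internal-auth/x."""
    path = urlsplit(raw).path or "/"
    return posixpath.normpath(path)


def is_trusted_proxy(src: str) -> bool:
    """True only if src parses as an address inside a trusted proxy network.
    Unparseable sources are treated as untrusted so they are not silently skipped."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def find_bypass_requests(lines) -> list:
    """Return a Finding for every request to an internal auth endpoint whose
    source is not a trusted reverse proxy.  Malformed lines are skipped."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = normalize_path(rec["path"])
        if not path.startswith(INTERNAL_AUTH_PREFIXES):
            continue
        if is_trusted_proxy(rec["src"]):
            continue
        findings.append(Finding(rec["src"], path, int(rec["status"]),
                                rec["ts"], rec["ua"] or "-"))
    return findings


# Constructed sample log: two legitimate proxied requests, two direct hits on
# the internal endpoint (one using a dot-segment path), one unrelated request
# and one malformed line.
SAMPLE_LOG = """\
10.0.1.5 - - [08/Apr/2026:10:00:01 +0000] "POST /internal-auth/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.1.6 - - [08/Apr/2026:10:00:02 +0000] "GET /app/home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Apr/2026:10:00:03 +0000] "POST /internal-auth/login HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.9 - - [08/Apr/2026:10:00:04 +0000] "GET /app/../internal-auth/session?x=1 HTTP/1.1" 302 0 "-" "python-requests/2.31"
192.0.2.44 - - [08/Apr/2026:10:00:05 +0000] "GET /app/home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this line is not an access log entry
""".splitlines()


if __name__ == "__main__":
    for f in find_bypass_requests(SAMPLE_LOG):
        print(f"{f.ts} src={f.src} path={f.path} status={f.status} ua={f.ua}")
```

Run against the sample, the script reports the two direct hits from 203.0.113.7 and 198.51.100.9 and stays silent for the proxied ones. Where the backend cannot see the original client address, a cheaper variant of the same rule is to correlate backend hits on the internal endpoints with the proxy's own log: any request present on the backend but absent from the proxy log arrived by some other route.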
EPSS: 0.05% (16th percentile)
The primary mitigation for CVE-2026-1343 is to upgrade to a patched version of IBM Verify Identity Access (11.0.3 or 10.0.10). Until the upgrade can be performed, implement temporary workarounds: configure a Web Application Firewall (WAF) to block direct access to internal authentication endpoints, with rules written specifically to reject requests that do not pass through the reverse proxy, and review and strengthen network segmentation to limit the potential impact of a successful attack. After the upgrade, confirm functionality by authenticating through the standard access paths and verifying that the internal endpoints are no longer directly accessible.
Apply the security updates provided by IBM for IBM Verify Identity Access Container and IBM Security Verify Access Container, moving to the fixed versions. See the IBM support note (https://www.ibm.com/support/pages/node/7268253) for detailed instructions on applying the updates and mitigating the vulnerability.
CVE-2026-1343 is a vulnerability allowing attackers to bypass the reverse proxy in IBM Verify Identity Access, potentially granting unauthorized access to internal authentication endpoints. It has a CVSS score of 7.2 (HIGH).
You are affected if you are using IBM Verify Identity Access versions 10.0 through 11.0.2. Check your version and upgrade as soon as possible.
Upgrade to a patched version of IBM Verify Identity Access. As a temporary workaround, configure a WAF to block direct access to internal authentication endpoints.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests it could be easily exploited once a PoC is developed.
Refer to the official IBM Security Bulletin for CVE-2026-1343 on the IBM Security Support website.