A security bulletin points out several flaws in IBM Verify Identity Access and IBM Security Verify Access products. Tracked as CVE-2026-2862 and CVE-2026-1491, these HTTP request smuggling flaws stem from problems in reverse proxy handling and carry a CVSS score of 5.3. An unauthenticated remote attacker could use them to make the proxy server reveal internal web traffic.
CVE-2026-1188 (CVSS 9.8): A critical buffer overflow flaw in the Eclipse OMR port library. The library calculates buffer sizes incorrectly when reading processor features, allowing an attacker to overflow memory and potentially compromise the entire system.
CVE-2026-1346 (CVSS 9.3): A severe flaw in the Security Verify Access Container that allows a locally authenticated user to escalate their system privileges directly to root.
CVE-2023-46233 (CVSS 9.1): A major weakness in the crypto-js library. Its password-based key derivation defaults to SHA-1, an outdated and insecure hashing algorithm, and to a single iteration, so the work factor meant to slow down password guessing is effectively absent. This severely weakens password and signature protections against brute-force attacks.
CVE-2026-1342 (CVSS 8.5): A vulnerability in the Container deployments that lets locally authenticated users execute malicious scripts from an untrusted control sphere.
CVE-2026-4101 (CVSS 8.1): Under certain heavy load conditions, remote attackers could bypass existing authentication mechanisms and gain unauthorized entry into the application.
CVE-2026-1345 (CVSS 7.3): An OS command injection vulnerability allowing unauthenticated users to execute arbitrary commands due to improper input validation.
The bulletin also covers CVE-2026-1343 (Server-Side Request Forgery), CVE-2025-12635 (Cross-Site Scripting), and several Java SE resource consumption issues.
These security flaws affect IBM Verify Identity Access and IBM Security Verify Access versions 10.0 to 11.0.2, as well as their Container deployments.
If left unpatched, they could allow attackers to obtain sensitive information, gain higher system privileges, or take the application down entirely.
Organizations that rely on these authentication platforms should apply the fixes promptly.
InfoSecBulletin Cybersecurity for mankind
