{"api_version":"1","generated_at":"2026-06-22T01:44:34+00:00","cve":"CVE-2026-1726","urls":{"html":"https://cve.report/CVE-2026-1726","api":"https://cve.report/api/cve/CVE-2026-1726.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-1726","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-1726"},"summary":{"title":"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager","description":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.","state":"PUBLISHED","assigner":"ibm","published_at":"2026-04-23 00:16:44","updated_at":"2026-06-11 14:16:26"},"problem_types":["CWE-269","NVD-CWE-noinfo","CWE-269 CWE-269 Improper Privilege Management"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"4.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"4.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.ibm.com/support/pages/node/7268697","name":"https://www.ibm.com/support/pages/node/7268697","refsource":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-1726","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1726","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 4.1.0 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 4.1.1 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 4.2.0 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 4.2.1 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 5.0.0 semver","platforms":[]},{"source":"CNA","vendor":"IBM","product":"Guardium Key Lifecycle Manager","version":"affected 5.1.0 semver","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"IBM encourages customers to update their systems promptly. \n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\n\n1. Download IBM Guardium Key Lifecycle Manager  https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"4.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"4.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"4.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"4.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"1726","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"guardium_key_lifecycle_manager","cpe6":"5.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"1726","cve":"CVE-2026-1726","epss":"0.001940000","percentile":"0.091970000","score_date":"2026-06-17","updated_at":"2026-06-18 00:11:05"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-1726","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-24T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-25T03:55:44.611Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Guardium Key Lifecycle Manager","vendor":"IBM","versions":[{"status":"affected","version":"4.1.0","versionType":"semver"},{"status":"affected","version":"4.1.1","versionType":"semver"},{"status":"affected","version":"4.2.0","versionType":"semver"},{"status":"affected","version":"4.2.1","versionType":"semver"},{"status":"affected","version":"5.0.0","versionType":"semver"},{"status":"affected","version":"5.1.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

"}],"value":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-11T13:46:57.418Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7268697"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM encourages customers to update their systems promptly. 

Principal Product and Version(s)Remediation/Fixes
IBM Guardium Key Lifecycle Manager (GKLM) v4.1

1. Download IBM Guardium Key Lifecycle Manager (GKLM) v5.1 (the product is available for download through IBM Passport Advantage)

2. Apply 5.1.0-ISS-GKLM-FP0001

IBM Guardium Key Lifecycle Manager (GKLM) v4.1.1
IBM Guardium Key Lifecycle Manager (GKLM) v4.2
IBM Guardium Key Lifecycle Manager (GKLM) v4.2.1
IBM Guardium Key Lifecycle Manager (GKLM) v5.0
IBM Guardium Key Lifecycle Manager (GKLM) v5.1Apply 5.1.0-ISS-GKLM-FP0001

Download instruction - https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions

"}],"value":"IBM encourages customers to update their systems promptly. \n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\n\n1. Download IBM Guardium Key Lifecycle Manager  https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions"}],"source":{"discovery":"UNKNOWN"},"title":"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager","x_generator":{"engine":"ibm-cvegen"}}},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2026-1726","datePublished":"2026-04-22T23:42:05.901Z","dateReserved":"2026-01-30T22:03:35.181Z","dateUpdated":"2026-06-11T13:46:57.418Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-23 00:16:44","lastModifiedDate":"2026-06-11 14:16:26","problem_types":["CWE-269","NVD-CWE-noinfo","CWE-269 CWE-269 Improper Privilege Management"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"796C9A46-DCFE-466D-87FB-F913F77137A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"29E1BF84-3EB5-47F2-A49B-A6519F8439AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"164E9640-8B3B-4530-B87F-FCAA42D92163"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"58B08592-B603-42F5-9E64-6ABBDAA55045"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F154D82B-C124-439C-870D-8956686461B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"5CD71532-C852-4E47-BA23-1DA5388E95E0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"1726","Ordinal":"1","Title":"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager","CVE":"CVE-2026-1726","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"1726","Ordinal":"1","NoteData":"IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.","Type":"Description","Title":"Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager"}]}}}