{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1726", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-30T22:03:35.181Z", "datePublished": "2026-04-22T23:42:05.901Z", "dateUpdated": "2026-06-11T13:46:57.418Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-06-11T13:46:57.418Z"}, "title": "Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Guardium Key Lifecycle Manager", "versions": [{"status": "affected", "version": "4.1.0", "versionType": "semver"}, {"status": "affected", "version": "4.1.1", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "versionType": "semver"}, {"status": "affected", "version": "4.2.1", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "versionType": "semver"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u00a0enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u00a0system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u00a0in the application's security mechanisms.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1&nbsp;<span>enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify&nbsp;</span><span>system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust&nbsp;</span><span>in the application's security mechanisms.</span></p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7268697", "tags": ["vendor-advisory", "patch"]}], "solutions": [{"lang": "en", "value": "IBM encourages customers to update their systems promptly.\u00a0\n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.1\n\n1. Download IBM Guardium Key Lifecycle Manager\u00a0 https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><strong>IBM encourages customers to update their systems promptly.\u00a0</strong></p><div><div><table><tbody><tr><td><strong>Principal Product and Version(s)</strong></td><td><strong>Remediation/Fixes</strong></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1</td><td><p>1. Download IBM Guardium Key Lifecycle Manager\u00a0<a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\">(GKLM) v5.1</a> (the product is available for download through<a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"> IBM Passport Advantage)</a></p><p>2. Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></p></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.0</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.1</td><td>Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></td></tr></tbody></table></div></div><p>Download instruction -\u00a0<a href=\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\" rel=\"nofollow\">https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions</a></p><p></p><p></p><p></p>"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-1726"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T03:55:44.611Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-1726", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T12:57:21.810623Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T12:57:14.651Z"}}], "cna": {"title": "Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager", "affected": [{"cpes": ["cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Guardium Key Lifecycle Manager", "versions": [{"status": "affected", "version": "4.1.0", "versionType": "semver"}, {"status": "affected", "version": "4.1.1", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "versionType": "semver"}, {"status": "affected", "version": "4.2.1", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "versionType": "semver"}, {"status": "affected", "version": "5.1.0", "versionType": "semver"}]}], "solutions": [{"lang": "en", "value": "IBM encourages customers to update their systems promptly.\u00a0\n\nPrincipal Product and Version(s)Remediation/FixesIBM Guardium Key Lifecycle Manager (GKLM) v4.11. Download IBM Guardium Key Lifecycle Manager\u00a0 https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions", "supportingMedia": [{"type": "text/html", "value": "<p><strong>IBM encourages customers to update their systems promptly.\u00a0</strong></p><div><div><table><tbody><tr><td><strong>Principal Product and Version(s)</strong></td><td><strong>Remediation/Fixes</strong></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1</td><td><p>1. Download IBM Guardium Key Lifecycle Manager\u00a0<a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\">(GKLM) v5.1</a> (the product is available for download through<a href=\"https://www.ibm.com/software/passportadvantage/pao-customer\" rel=\"nofollow\"> IBM Passport Advantage)</a></p><p>2. Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></p></td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.1.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v4.2.1</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.0</td></tr><tr><td>IBM Guardium Key Lifecycle Manager (GKLM) v5.1</td><td>Apply <a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Key+Lifecycle+Manager&amp;fixids=5.1.0-ISS-GKLM-FP0001&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security\" rel=\"nofollow\">5.1.0-ISS-GKLM-FP0001</a></td></tr></tbody></table></div></div><p>Download instruction -\u00a0<a href=\"https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions\" rel=\"nofollow\">https://www.ibm.com/docs/en/gklm/5.x?topic=software-download-instructions</a></p><p></p><p></p><p></p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7268697", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-22T23:42:05.901Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1726", "state": "PUBLISHED", "dateUpdated": "2026-04-25T03:55:44.611Z", "dateReserved": "2026-01-30T22:03:35.181Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-04-22T23:42:05.901Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "796C9A46-DCFE-466D-87FB-F913F77137A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "29E1BF84-3EB5-47F2-A49B-A6519F8439AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "164E9640-8B3B-4530-B87F-FCAA42D92163", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "58B08592-B603-42F5-9E64-6ABBDAA55045", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F154D82B-C124-439C-870D-8956686461B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:guardium_key_lifecycle_manager:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CD71532-C852-4E47-BA23-1DA5388E95E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1\u00a0enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify\u00a0system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust\u00a0in the application's security mechanisms."}], "id": "CVE-2026-1726", "lastModified": "2026-06-11T14:16:26.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-23T00:16:44.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7268697"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Guardium Key Lifecycle Manager", "source": "cna", "vendor": "IBM"}, "product": "guardium_key_lifecycle_manager", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-04-29T02:20:59.079345+00:00", "value": {"mitigation_remediation": ["Download and install IBM Guardium Key Lifecycle Manager v4.11 from the IBM support site", "Verify that only authorized administrators can access key\u2011management APIs and enforce correct role assignments", "Enable and review audit logging for key\u2011management operations to detect abnormal activity"], "summary": {"action": "Patch ASAP", "impact": "Unauthorized key management or privilege escalation"}, "threat_synthesis": {"affected_systems": "The affected product is IBM Guardium Key Lifecycle Manager. Versions impacted include 4.1.0, 4.1.1, 4.2.0, 4.2.1, 5.0.0, and 5.1.0, as well as all corresponding 4.x and 5.x sub\u2011versions identified in the supplied CPE strings.", "description_and_impact": "Multiple vulnerabilities have been identified in IBM Guardium Key Lifecycle Manager versions 4.1 through 5.1. The CVE record specifies the affected releases as 4.1, 4.1.1, 4.2, 4.2.1, 5.0 and 5.1, and the associated CWE\u2011269 indicates a weakness in privilege management. The description and vendor advisory do not provide explicit details about the technical implementation of the flaws, but the CWE tag implies that an attacker might be able to misuse or bypass the intended access controls for key\u2011management operations.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates a moderate severity, while the EPSS score of less than 1% reflects a very low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Because no attack vector is specified in the CVE data, the likely exploitation path is inferred from the CWE\u2011269 association and would require some form of authenticated or elevated access to the Key Lifecycle Manager service."}}}}, "created": "2026-04-28T04:45:22.295690+00:00", "updated": "2026-04-29T02:30:07.573496+00:00", "vendors": ["ibm", "ibm$PRODUCT$guardium_key_lifecycle_manager"]}