CVE-2026-2475
low-risk
Published 2026-04-01
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10
Low
NETWORK
/ HIGH complexity
Affected Products (4)
Security Verify Access Container
Verify Identity Access
Verify Identity Access Container
Affected Vendors
References (1)
Vendor Advisory
https://www.ibm.com/support/pages/node/7268253
21
/ 100
low-risk
Severity
11/34 · Low
Exploitability
0/34 · Minimal
Exposure
10/34 · Low