CVE-2026-4364

Name of the Vulnerable Software and Affected Versions IBM Verify Identity Access Container versions 11.0 through 11.0.2 IBM Security Verify Access Container versions 10.0 through 10.0.9.1 IBM Verify Identity Access versions 11.0 through 11.0.2 IBM Security Verify Access versions 10.0 through 10.0.9.1

Description The software incorrectly specifies the response Content-Type as text/html when delivering a JSON payload for certificate listings retrieved via a browser session. Browsers may interpret the JSON data as executable script under certain conditions, creating an opportunity for JavaScript injection and potential cross-site scripting (XSS).

Recommendations Update IBM Verify Identity Access Container to a version later than 11.0.2. Update IBM Security Verify Access Container to a version later than 10.0.9.1. Update IBM Verify Identity Access to a version later than 11.0.2. Update IBM Security Verify Access to a version later than 10.0.9.1.