CVE-2026-7364 in Verify Identity Access
Summary
by MITRE • 07/17/2026
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/17/2026
This vulnerability represents a critical open redirect flaw that affects multiple IBM security products including IBM Verify Identity Access and IBM Security Verify Access across various versions. The vulnerability stems from improper validation of redirect URLs within the authentication and access management frameworks, creating an exploitable condition where malicious actors can craft specific requests to manipulate user navigation flows. According to CWE-601, this falls under open redirect vulnerabilities where applications redirect users to untrusted domains without proper validation, potentially leading to sophisticated phishing campaigns that can bypass security awareness training.
The technical implementation of this vulnerability allows attackers to construct malicious URLs that appear legitimate within the context of trusted IBM security applications. When victims click on these crafted links, they are seamlessly redirected to attacker-controlled websites that can mimic the legitimate authentication interfaces. This creates an ideal environment for credential theft and data exfiltration attacks, as users are often unaware they are being redirected to malicious sites. The vulnerability impacts both containerized and standard deployments, amplifying the potential attack surface across various organizational environments.
From an operational perspective, this vulnerability poses significant risk to enterprise security posture as it can be exploited remotely without requiring any special privileges or access credentials. Attackers can leverage this flaw to conduct large-scale phishing campaigns targeting employees of organizations using these IBM security products. The impact extends beyond simple credential theft to include potential privilege escalation and lateral movement within networks, especially when combined with other exploitation techniques. This vulnerability directly maps to attack patterns described in the MITRE ATT&CK framework under T1566 for Phishing and T1071 for Application Layer Protocol usage.
Organizations should implement immediate mitigations including input validation controls that sanitize redirect URLs and reject any attempts to redirect to external domains outside of explicitly trusted lists. Network-level protections such as web application firewalls and URL filtering systems can provide additional layers of defense against exploitation attempts. Regular security assessments should verify that all redirect functionality properly validates destination URLs and enforces strict domain whitelisting policies. Patch management procedures must be prioritized to ensure timely deployment of vendor-provided fixes while maintaining detailed monitoring for any suspicious redirect patterns or unauthorized access attempts within authentication logs.