CVE-2026-9610

LOW

IBM Datacap and Navigator - Forced Browsing Access Control Bypass

Title source: manual
STIX 2.1

Description

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7276609

Scores

CVSS v3 2.3
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-425
Status published
Products (12)
ibm/datacap 9.1.7
ibm/datacap 9.1.8
ibm/datacap 9.1.9
IBM/Datacap 9.1.7 - 1.8.4
IBM/Datacap 9.1.8
IBM/Datacap 9.1.9
IBM/Datacap Navigator 9.1.7 - 8.2.1.0
IBM/Datacap Navigator 9.1.8
IBM/Datacap Navigator 9.1.9
ibm/datacap_navigator 9.1.7
... and 2 more
Published Jun 22, 2026
Tracked Since Jun 22, 2026