CVE-2026-9610 | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigato… | CVSS 2.3 LOW

Description

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls.

Metadata

CVE ID: CVE-2026-9610
State: PUBLISHED
Assigner: ibm
Reserved: 2026-05-26 16:26 UTC
Published: 2026-06-22 14:22 UTC
Last updated: 2026-06-22 15:58 UTC
Primary CWE: CWE-425
CWE-425 Direct Request ('Forced Browsing')
Vendor / Product: IBM / Datacap
Sources: cve.org · NVD

Severity & Metrics

2.3 LOW CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
IBM	Datacap	—	9.1.7 ≤ 1.8.4, 9.1.8, 9.1.9
IBM	Datacap Navigator	—	9.1.7 ≤ 8.2.1.0, 9.1.8, 9.1.9

Weakness (CWE)

CWE	Source	Description
CWE-425	cna	CWE-425 Direct Request ('Forced Browsing')

CVSS scores (1)

Score	Severity	Version	Source	Vector
2.3	LOW	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References (1)

https://www.ibm.com/support/pages/node/7276609