
CVE-2026-2475: IBM Verify Access Open Redirect Vulnerability

CVE-2026-2475 is an open redirect vulnerability in IBM Verify Access that enables attackers to conduct phishing attacks by redirecting victims to malicious sites. This article covers technical details, affected versions, and mitigations.

Published: April 2, 2026

CVE-2026-2475 Overview

CVE-2026-2475 is an Open Redirect vulnerability (CWE-601) affecting IBM Verify Identity Access and IBM Security Verify Access products. This flaw allows remote attackers to conduct phishing attacks by exploiting improper URL validation, enabling them to redirect victims to arbitrary malicious websites through specially crafted requests.

Critical Impact

Attackers can exploit this open redirect vulnerability to redirect authenticated users to malicious sites, potentially enabling credential theft, malware distribution, or further phishing attacks while leveraging the trusted IBM domain.

Affected Products

  • IBM Verify Identity Access Container 11.0 through 11.0.2
  • IBM Security Verify Access Container 10.0 through 10.0.9.1
  • IBM Verify Identity Access 11.0 through 11.0.2
  • IBM Security Verify Access 10.0 through 10.0.9.1

Discovery Timeline

  • April 1, 2026 - CVE-2026-2475 published to NVD
  • April 1, 2026 - Last updated in NVD database

Technical Details for CVE-2026-2475

Vulnerability Analysis

This vulnerability stems from improper input validation of URL redirection parameters within the IBM Verify Identity Access and Security Verify Access products. When processing redirect URLs, the application fails to adequately validate the target destination, allowing attackers to craft malicious URLs that appear legitimate but redirect users to attacker-controlled domains.

The open redirect vulnerability is particularly concerning in identity and access management systems, as users inherently trust these authentication endpoints. An attacker can leverage this trust to construct phishing campaigns that appear to originate from the legitimate IBM authentication infrastructure.

Root Cause

The root cause is classified as CWE-601 (URL Redirection to Untrusted Site, also known as Open Redirect). The application accepts user-controlled input for URL redirection without proper validation or sanitization. This allows external, untrusted URLs to be used as redirect destinations, bypassing the intended security boundary of keeping users within the trusted application domain.

Attack Vector

The attack requires network access and user interaction: an attacker crafts a malicious URL containing a redirect parameter that points to a phishing site. The attack flow typically involves:

  1. Attacker identifies a redirect parameter in the IBM Verify Identity Access or Security Verify Access application
  2. Attacker constructs a URL using the legitimate IBM domain with a malicious redirect destination
  3. The malicious link is distributed via email, social engineering, or other means
  4. When a victim clicks the link, they are first directed to the legitimate IBM endpoint
  5. The application then redirects the victim to the attacker-controlled malicious site
  6. The victim, having seen the trusted IBM domain, may be more likely to trust the destination and provide credentials or sensitive information

The attack mechanism exploits the implicit trust users place in legitimate domains. Since the initial URL appears to belong to IBM's authentication infrastructure, security-conscious users and even some URL filtering systems may not flag the link as suspicious.

Detection Methods for CVE-2026-2475

Indicators of Compromise

  • Unusual redirect parameters in URL requests to IBM Verify Identity Access endpoints containing external domain references
  • Web server logs showing redirect responses (HTTP 302/303) to external, untrusted domains
  • User reports of being redirected to unexpected websites after clicking links to IBM authentication services

Detection Strategies

  • Monitor web application firewall (WAF) logs for requests containing URL parameters with external domain references
  • Implement URL pattern matching rules to detect redirect parameters pointing to non-whitelisted domains
  • Review authentication logs for unusual redirect patterns or destinations outside the expected application scope
  • Configure SentinelOne Singularity to monitor endpoint browser activity for suspicious redirect chains originating from IBM authentication URLs

Monitoring Recommendations

  • Enable detailed logging for all redirect operations within IBM Verify Identity Access and Security Verify Access deployments
  • Configure alerting for redirect requests that specify destinations outside the organization's trusted domain list
  • Implement periodic log analysis to identify patterns of redirect abuse attempts

How to Mitigate CVE-2026-2475

Immediate Actions Required

  • Apply the security patch provided by IBM for all affected IBM Verify Identity Access and Security Verify Access installations
  • Review and audit all redirect functionality within the application for proper URL validation
  • Implement allow-list validation for all redirect destinations to restrict redirects to trusted domains only
  • Educate users about the risk of phishing attacks leveraging open redirect vulnerabilities
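
The log review and allow-list validation described above can be combined in one check. The following is an added example, not code from IBM, SentinelOne or the original advisory: it scans access-log lines for 302/303 responses whose query parameters point at a host outside an allow-list. The host names, the `next` parameter name and the log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: constructed allow-list of hosts that redirects may target.
TRUSTED_HOSTS = {"sso.corp.example", "portal.corp.example"}

# Constructed access-log lines; the "next" parameter name is hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Apr/2026:10:01:12 +0000] "GET /login?next=/dashboard HTTP/1.1" 302 0',
    '198.51.100.7 - - [02/Apr/2026:10:01:15 +0000] "GET /login?next=https%3A%2F%2Fportal.corp.example%2Fhome HTTP/1.1" 302 0',
    '203.0.113.9 - - [02/Apr/2026:10:02:40 +0000] "GET /login?next=https%3A%2F%2Fsso.corp.example.attacker.example%2F HTTP/1.1" 302 0',
    '203.0.113.9 - - [02/Apr/2026:10:02:44 +0000] "GET /login?next=%2F%2Fattacker.example%2Fa HTTP/1.1" 303 0',
    '203.0.113.9 - - [02/Apr/2026:10:02:49 +0000] "GET /login?next=https%3A%2F%2Fsso.corp.example%40attacker.example%2F HTTP/1.1" 302 0',
    '192.0.2.33 - - [02/Apr/2026:10:05:00 +0000] "GET /static/app.js?v=https HTTP/1.1" 200 5120',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def external_host(value, trusted=TRUSTED_HOSTS):
    """Return the host a redirect value points at if it is off the allow-list, else None."""
    # Browsers read "\" as "/" and collapse extra slashes after the scheme,
    # so normalise both before parsing.
    candidate = value.strip().replace("\\", "/")
    candidate = re.sub(r"^(https?:)/*|^/{2,}",
                       lambda m: (m.group(1) or "") + "//", candidate, flags=re.I)
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return "<unparseable>"  # malformed authority: treat as untrusted
    if not parts.netloc:
        return None  # relative path, stays on the serving host
    # hostname drops userinfo ("trusted@other") and port; compare exactly,
    # never by prefix or substring.
    host = (parts.hostname or "").lower().rstrip(".")
    return None if host in trusted else host

def scan(lines, trusted=TRUSTED_HOSTS):
    """Return (client, parameter, host) for each 302/303 whose query leaves the allow-list."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m or m.group(2) not in ("302", "303"):
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            host = external_host(value, trusted)
            if host:
                hits.append((line.split()[0], name, host))
    return hits
```

Because the check inspects every query parameter rather than one fixed name, it still applies when the redirect parameter of a given deployment is not known in advance.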

Patch Information

IBM has released a security patch addressing this vulnerability. Administrators should obtain and apply the patch from the IBM Security Patch Advisory (Node 7268253). The patch should be applied to all affected versions:

  • IBM Verify Identity Access Container versions 11.0 through 11.0.2
  • IBM Security Verify Access Container versions 10.0 through 10.0.9.1
  • IBM Verify Identity Access versions 11.0 through 11.0.2
  • IBM Security Verify Access versions 10.0 through 10.0.9.1

Workarounds

  • Implement a web application firewall (WAF) rule to block or sanitize redirect parameters containing external domain references
  • Configure reverse proxy or load balancer rules to validate redirect destinations before allowing the request to reach the application
  • Restrict access to authentication endpoints to only necessary networks until the patch can be applied
  • Implement Content Security Policy (CSP) headers to limit redirect destinations where possible
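
```apache
# Example WAF rule to block external redirects (ModSecurity syntax).
# redirect_uri is an example parameter name. The trailing slash keeps a look-alike
# host such as trusted-domain.example.com.attacker.example from passing the prefix test.
SecRule ARGS:redirect_uri "!@beginsWith https://trusted-domain.example.com/" \
    "id:1001,phase:1,deny,status:403,msg:'Blocked potential open redirect attempt'"
```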

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Other
  • Vendor/Tech: IBM Security Verify Access
  • Severity: LOW
  • CVSS Score: 3.1
  • EPSS Probability: 0.03%
  • Known Exploited: No

CVSS Vector

  • CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Impact Assessment

  • Confidentiality: High
  • Integrity: Low
  • Availability: None

CWE References

  • CWE-601

Technical References

  • IBM Security Patch

Related CVEs

  • CVE-2026-1342: IBM Security Verify Access Auth Bypass Flaw
  • CVE-2026-1346: IBM Security Verify Access Privilege Escalation
  • CVE-2026-1343: IBM Security Verify Access Auth Bypass Flaw
  • CVE-2026-4364: IBM Verify Access XSS Vulnerability