CVE-2026-11877
HIGHDescription
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microfocus | access_manager |
| microfocus | access_manager |
| microfocus | access_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-11877? +
How severe is CVE-2026-11877? +
What products are affected by CVE-2026-11877? +
How do I check if I'm vulnerable to CVE-2026-11877? +
Related Vulnerabilities
Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic …
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter …
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s …
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing …
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and …
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken …