VULNERABILITY ๐ด 1รKEV
CVE-2026-1340 in IBM Product: Actively Exploited, Added to CISA KEV
- An unspecified vulnerability in an IBM product, CVE-2026-1340, is under active exploitation.
- CONFIRMED: The vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on 2026-04-08. EPSS score is high at 0.67744.
- Immediate action is required to apply vendor patches or mitigations due to confirmed exploitation, despite a lack of a public CVSS score.
Technical Analysis
Technical details regarding the vulnerability class, attack vector, and preconditions for CVE-2026-1340 are not available in the provided intelligence. The vulnerability was registered by NVD but has not yet been assigned a CVSS score.
Despite the lack of public technical information, its inclusion in the CISA KEV catalog is a CONFIRMED indicator of active, real-world exploitation. This implies that threat actors have developed a functional exploit and are using it against vulnerable systems. The high EPSS score further corroborates the high likelihood of exploitation activity.
Affected Systems
- Not available
Intelligence Context
The primary threat signal for CVE-2026-1340 is its status as a CISA KEV entry, which overrides all other metrics. While the vulnerability lacks a CVSS score and the vendor risk score is low (0.05), the CONFIRMED evidence of exploitation demands immediate attention from defenders. The high EPSS score (0.67744) aligns with the KEV status, indicating a high probability of exploitation activity. The 'ZERO-DAY RACE' label, combined with its recent addition to the KEV catalog (1 day ago), signifies an urgent threat where defenders are responding to active, ongoing attacks. Prioritization must be based on the KEV status, not the missing CVSS score.
Remediation & Defense
- Not available
- Not available
Source Timeline
- nvd.nist.gov โ Official CVE record
- cisa.gov โ Confirmed exploitation (KEV)