{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-12628/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-23T18:52:31.455Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-12628","@id":"https://www.cve.org/CVERecord?id=CVE-2026-12628","description":"IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session an"},"products":[{"@id":"cpe:2.3:a:ibm:storage_protect_client:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:ibm:storage_protect_client:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:ibm:storage_protect_snapshot_for_windows:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-23T18:52:31.455Z"}]}