PatchSiren cyber security CVE debrief
CVE-2026-11878 Microfocus CVE debrief
CVE-2026-11878 is a high-severity vulnerability in OpenText Access Manager, a product from Microfocus. The vulnerability is an improper neutralization of input during web page generation, also known as cross-site scripting (XSS). It affects Access Manager versions from 5.1 through 5.1.2. The CVSS score for this vulnerability is 8.2, indicating a high severity. The CVE was published on June 24, 2026, and last modified on June 29, 2026.
- Vendor
- Microfocus
- Product
- Access Manager
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-06-29
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-06-29
Who should care
Security teams and administrators responsible for OpenText Access Manager should be aware of this vulnerability. The vulnerability's high CVSS score indicates a significant risk, and defenders should take immediate action to mitigate it. Additionally, security teams should review their inventory of affected systems and prioritize patching or applying compensating controls.
Technical summary
CVE-2026-11878 is an XSS vulnerability in OpenText Access Manager. The vulnerability occurs due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by injecting malicious code into the web application, potentially leading to unauthorized actions or data breaches. The affected versions of Access Manager are from 5.1 through 5.1.2. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High. Defenders should prioritize patching or applying compensating controls to mitigate the risk of this vulnerability.
Recommended defensive actions
- Apply the vendor-provided patch or update to a non-vulnerable version of OpenText Access Manager.
- Review and update inventory of affected systems to ensure accurate tracking and prioritization.
- Implement compensating controls, such as web application firewalls or intrusion detection systems, to detect and prevent exploitation.
- Monitor systems for suspicious activity and implement additional security measures as needed.
- Verify that all necessary security updates and patches are applied to prevent exploitation.
Evidence notes
The CVE-2026-11878 vulnerability is documented in the official CVE record and the NVD detail page. The vendor, Microfocus, has provided a mitigation or vendor reference for this vulnerability. The vulnerability's CVSS score and vector are also provided, indicating a high severity and specific attack vectors.
Official resources
-
CVE-2026-11878 CVE record
CVE.org
-
CVE-2026-11878 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.