PatchSiren

CVE-2026-11877 OpenText CVE debrief

CVE-2026-11877 is a medium-severity vulnerability in OpenText Access Manager, allowing unauthorized users to modify configuration through API calls. This issue affects Access Manager before version 5.1.3. The vulnerability has a CVSS score of 6.3 and is considered a significant risk. OpenText has provided a vendor advisory for mitigation. Users of Access Manager should review their current version and consider upgrading to a patched version.

Vendor: OpenText
Product: Access Manager
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-24
Original CVE updated: 2026-06-29
Advisory published: 2026-06-24
Advisory updated: 2026-06-29

Who should care

Security teams and administrators responsible for OpenText Access Manager installations should be aware of this vulnerability. They should review their current version and consider upgrading to a patched version to prevent unauthorized configuration modifications.

Technical summary

CVE-2026-11877 is a vulnerability in OpenText Access Manager that allows unauthorized users to modify configuration through API calls. The vulnerability affects Access Manager before version 5.1.3 and has a CVSS score of 6.3. The CVSS vector is CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-648.

Defensive priority

Treat patching or mitigating this vulnerability as medium priority, because it could allow unauthorized configuration modifications.

Recommended defensive actions

  • Review the current Access Manager version and consider upgrading to a patched version (5.1.3 or later).
  • Implement compensating controls to monitor and restrict API calls.
  • Review and restrict access to API endpoints.
  • Monitor for suspicious activity and implement exception tracking.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and vector. A vendor advisory is available for mitigation.

This article is AI-assisted and based on the supplied source corpus.