CVE Catalog

CVE-2026-11541

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

IBM WebSphere Application Server 9.0, 8.5 and Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. This flaw allows an attacker to manipulate HTTP headers to bypass security controls.

Risk Assessment

An attacker could exploit this vulnerability to perform session hijacking, bypass security rules, or conduct cross-site scripting (XSS) attacks on the application server.

Recommendation

It is recommended to immediately update IBM WebSphere Application Server to the latest available version and apply security patches provided by the vendor.

Original NVD description (English source)

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS