CVE-2026-11541
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
IBM WebSphere Application Server 9.0, 8.5 and Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. This flaw allows an attacker to manipulate HTTP headers to bypass security controls.
Risk Assessment
An attacker could exploit this vulnerability to perform session hijacking, bypass security rules, or conduct cross-site scripting (XSS) attacks on the application server.
Recommendation
It is recommended to immediately update IBM WebSphere Application Server to the latest available version and apply security patches provided by the vendor.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.

