CVE Catalog

CVE-2026-11546

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 with the adminCenter-1.0 feature enabled are affected by a server-side request forgery (SSRF) vulnerability.

Risk Assessment

An attacker could exploit this vulnerability to send unauthorized requests from the server, potentially gaining access to internal network resources or launching attacks against other systems.

Recommendation

It is recommended to immediately upgrade IBM WebSphere Application Server Liberty to a version later than 26.0.0.7 or apply the appropriate security patch from the vendor.

Original NVD description (English source)

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS