CVE-2026-11594
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. This allows an attacker to inject malicious scripts into the server management interface.
Risk Assessment
The risk involves potential session hijacking of administrators, theft of credentials, or unauthorized operations within the administrative console, which could compromise the entire application environment.
Recommendation
It is recommended to immediately apply security patches provided by IBM for WebSphere Application Server versions 9.0 and 8.5. Additionally, restrict access to the administrative console to trusted networks and users only.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

