CVE Catalog

CVE-2026-11594

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. This allows an attacker to inject malicious scripts into the server management interface.

Risk Assessment

The risk involves potential session hijacking of administrators, theft of credentials, or unauthorized operations within the administrative console, which could compromise the entire application environment.

Recommendation

It is recommended to immediately apply security patches provided by IBM for WebSphere Application Server versions 9.0 and 8.5. Additionally, restrict access to the administrative console to trusted networks and users only.

Original NVD description (English source)

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS