CVE-2026-11708
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
IBM WebSphere Application Server 9.0 and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system. This allows an attacker to inject malicious script into the help page.
Risk Assessment
An attacker could exploit this vulnerability to steal administrator sessions, take over accounts, or perform unauthorized actions in the administrative console.
Recommendation
It is recommended to immediately update IBM WebSphere Application Server to the latest version containing the security fix. Until the update, restrict access to the administrative console to trusted networks only.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system.

