CVE-2026-11712
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
IBM WebSphere Application Server 9.0 and 8.5 are affected by a cross-site scripting (XSS) vulnerability in the administrative console help system. This allows an attacker to inject malicious scripts into the help page.
Risk Assessment
The risk involves potential theft of administrative sessions, account takeover, or unauthorized actions within the application server management console.
Recommendation
It is recommended to immediately update IBM WebSphere Application Server to the latest patched version and restrict access to the administrative console to trusted IP addresses only.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system.

