CVE Catalog

CVE-2026-11806

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.6 are affected by an arbitrary file read vulnerability when the restConnector-2.0 feature is enabled.

Risk Assessment

An attacker could exploit this vulnerability to read sensitive system files, such as configurations, passwords, or application data, leading to a breach of confidentiality and system integrity.

Recommendation

It is recommended to immediately upgrade WebSphere Liberty to a version later than 26.0.0.6 or apply the appropriate security patch from IBM. If upgrading is not possible, disable the restConnector-2.0 feature if it is not required.

Original NVD description (English source)

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS