CVE-2026-11712 – IBM WebSphere Application Server
“Admin consoles are high-value targets, and weak handling can turn them into a business risk.”
IBM patched multiple vulnerabilities in WebSphere Application Server affecting versions 9.0 and 8.5, with additional impact to WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.6 for the HTTP request smuggling issue. The update covers cross-site scripting in the administrative console and help systems, plus HTTP request smuggling that could expose sensitive application traffic.
CVE-2026-11708 has a CVSS score of 9.3, which is Critical severity. CVE-2026-11712 has a CVSS score of 9.3, which is Critical severity. CVE-2026-11594 has a CVSS score of 8.5, which is High severity. CVE-2026-11541 has a CVSS score of 7.4, which is High severity. Verified exploitation has not been reported.
Key Details
- Affected Product
- Ibm Websphere Application Server
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-79