CVE-2026-11712 – IBM WebSphere Application Server

CVSS 9.3 CRITICAL Critical or Zero Day – Immediate Deployment

“Admin consoles are high-value targets, and weak handling can turn them into a business risk.”

IBM patched multiple vulnerabilities in WebSphere Application Server affecting versions 9.0 and 8.5, with additional impact to WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.6 for the HTTP request smuggling issue. The update covers cross-site scripting in the administrative console and help systems, plus HTTP request smuggling that could expose sensitive application traffic.

CVE-2026-11708 has a CVSS score of 9.3, which is Critical severity. CVE-2026-11712 has a CVSS score of 9.3, which is Critical severity. CVE-2026-11594 has a CVSS score of 8.5, which is High severity. CVE-2026-11541 has a CVSS score of 7.4, which is High severity. Verified exploitation has not been reported.

Key Details

Affected Product
Ibm Websphere Application Server
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-79
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.