Server-Side Request Forgery Vulnerability in IBM WebSphere Application Server
CVE-2026-11546

7.1HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Server - Liberty
Vendor: CVE Published:; 30 June 2026

What is CVE-2026-11546?

A server-side request forgery vulnerability exists in IBM WebSphere Application Server - Liberty versions ranging from 17.0.0.3 to 26.0.0.7 when the adminCenter-1.0 feature is enabled. This flaw could allow an attacker to manipulate the application server into making unintended requests on behalf of the server, potentially exposing sensitive information or performing unauthorized actions within the network. Organizations using affected versions should review the official advisory from IBM and apply recommended patches to mitigate the risk.

Affected Version(s)

WebSphere Application Server - Liberty 17.0.0.3 <= 26.0.0.7

References

https://www.ibm.com/support/pages/node/7278572

vendor-advisorypatch

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 8, 2026

CVE-2026-11546 Data

JSON