Server-Side Request Forgery in IBM WebSphere Application Server Liberty
CVE-2026-1561

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-1561?

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.3 are susceptible to a server-side request forgery (SSRF) issue. This vulnerability enables a remote attacker to craft requests that are sent from the server, potentially leading to unauthorized access or manipulation of data within the local network. Exploitation of this vulnerability may facilitate network enumeration and allow attackers to launch further malicious activities, disrupting system integrity or confidentiality.

Affected Version(s)

WebSphere Application Server Liberty 17.0.0.3 <= 26.0.0.3

References

https://www.ibm.com/support/pages/node/7267347

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 28, 2026

CVE-2026-1561 Data

JSON