Timing Attack Vulnerability in IBM WebSphere Application Server - Liberty
CVE-2026-5516

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server - Liberty
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-5516?

A vulnerability in IBM WebSphere Application Server - Liberty versions 22.0.0.11 through 26.0.0.5 could enable a remote attacker to bypass security mechanisms under specific circumstances. This flaw stems from a timing window that can be exploited, potentially compromising the integrity of the application server. It is crucial for users to remain vigilant and apply necessary patches to protect against this form of attack.

Affected Version(s)

WebSphere Application Server - Liberty 22.0.0.11 <= 26.0.0.5

References

https://www.ibm.com/support/pages/node/7273425

vendor-advisorypatch

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 3, 2026

CVE-2026-5516 Data

JSON