HTTP Request Smuggling Vulnerability in IBM WebSphere Application Server
CVE-2026-8620

7.5HIGH

Key Information:

Vendor: IBM
Status: Web Server Plug-ins For Websphere Application Server And Websphere Liberty
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-8620?

IBM WebSphere Application Server and WebSphere Liberty are susceptible to HTTP request smuggling due to a flaw in the Web Server Plug-ins. This vulnerability allows attackers to send specially crafted requests, which may result in unauthorized access or manipulation of web traffic. It is crucial for organizations using these products to apply the necessary patches to mitigate this risk.

Affected Version(s)

Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0

References

https://www.ibm.com/support/pages/node/7274072

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 14, 2026

CVE-2026-8620 Data

JSON