CVE-2026-11714
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability when the apiDiscovery-1.0 feature is enabled. An attacker can exploit this flaw to send unauthorized requests from the server to internal network resources.
Risk Assessment
The risk involves potential attacks on internal systems, network scanning, or privilege escalation by using the server as a proxy for unauthorized requests.
Recommendation
It is recommended to immediately upgrade IBM WebSphere Application Server Liberty to version 26.0.0.8 or later, which includes a fix for this vulnerability. If an upgrade is not possible, temporarily disable the apiDiscovery-1.0 feature.
Original NVD description (English source)
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.

