CVE Catalog

CVE-2026-11714

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability when the apiDiscovery-1.0 feature is enabled. An attacker can exploit this flaw to send unauthorized requests from the server to internal network resources.

Risk Assessment

The risk involves potential attacks on internal systems, network scanning, or privilege escalation by using the server as a proxy for unauthorized requests.

Recommendation

It is recommended to immediately upgrade IBM WebSphere Application Server Liberty to version 26.0.0.8 or later, which includes a fix for this vulnerability. If an upgrade is not possible, temporarily disable the apiDiscovery-1.0 feature.

Original NVD description (English source)

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS