CVE-2026-11806
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.6 are affected by an arbitrary file read vulnerability when the restConnector-2.0 feature is enabled.
Risk Assessment
An attacker could exploit this vulnerability to read sensitive system files, such as configurations, passwords, or application data, leading to a breach of confidentiality and system integrity.
Recommendation
It is recommended to immediately upgrade WebSphere Liberty to a version later than 26.0.0.6 or apply the appropriate security patch from IBM. If upgrading is not possible, disable the restConnector-2.0 feature if it is not required.
Original NVD description (English source)
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.

