Project Subscriptions
No advisories yet.
Solution
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71808 and PH71706. For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.6: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71808 https://www.ibm.com/support/pages/node/7277460 --OR-- · Apply Fix Pack 26.0.0.7 or later (targeted availability 3Q2026). For IBM WebSphere Application Server traditional: For V9.0.0.0 through 9.0.5.28: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71706 https://www.ibm.com/support/pages/node/7277463 --OR-- · Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026). For V8.5.0.0 through 8.5.5.30: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71706 https://www.ibm.com/support/pages/node/7277463 --OR-- · Apply Fix Pack 8.5.5.31 or later (targeted availability 3Q2026). Additional interim fixes may be available and linked off the interim fix download page.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7277550 |
|
Tue, 30 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. | |
| Title | IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling | |
| First Time appeared |
Ibm
Ibm websphere Application Server Ibm websphere Application Server Liberty |
|
| Weaknesses | CWE-444 | |
| CPEs | cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.6:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm websphere Application Server Ibm websphere Application Server Liberty |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-06-30T20:56:04.135Z
Reserved: 2026-06-08T02:55:08.653Z
Link: CVE-2026-11541
No data.
No data.
No data.
OpenCVE Enrichment
No data.