CVE-2026-1561

CWE-918 — Server-Side Request Forgery (SSRF)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 90.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Application Server Liberty

Timeline

PublishedMar 25

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/websphere_application_server_liberty17.0.0.3 — 26.0.0.3

▶NVDibm/websphere_application_server17.0.0.3 — 26.0.0.4

🔴Vulnerability Details

GHSA

GHSA-8gm5-jf6f-36wc: IBM WebSphere Application Server - Liberty 17↗2026-03-25

▶

CVEList

IBM WebSphere Application Server Liberty Server-Side Request Forgery↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1561 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶