CVE-2026-3621
published 2026-04-23CVE-2026-3621: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited…
medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | >= 17.0.0.3 < 26.0.0.5 | 26.0.0.5 |
| ibm | websphere_application_server_liberty | 17.0.0.3 – 26.0.0.4 | — |