CVE-2026-8620
published 2026-05-26CVE-2026-8620: IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server…
high7.5CVSS 3.1
AVNACHPRNUINSCCHILAN
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | web_server_plug-ins_for_websphere_application_server_and_websphere_liberty | 8.5, 9.0 – Interim Fix 002 | — |
| ibm | websphere_application_server | >= 8.5.0.0 < 8.5.5.30 | 8.5.5.30 |
| ibm | websphere_application_server | >= 9.0.0.0 < 9.0.5.28 | 9.0.5.28 |