Vulnerability Details CVE-2026-8646
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 27.0%
CVSS Severity
CVSS v3 Score 7.4