VDB

GCVE-110-NCSC-2026-177

GCVE-110-NCSC-2026-177
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published June 8, 2026
IBM WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0 are susceptible to HTTP request smuggling attacks through specially crafted requests targeting the Web Server Plug-ins.

Weaknesses (CWE)

CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')CWE-94Improper Control of Generation of Code ('Code Injection')

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
IBMvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›