IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading

Description

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.

Affected Products

Vendor	Product	Versions
ibm	websphere_application_server	<= 26.0.0.1

References

https://www.ibm.com/support/pages/node/7258224(Vendor Advisory)

Related News (1 articles)

Tier D

CSO Online3h ago

Seven IBM WebSphere Liberty flaws can be chained into full takeover

→ No new info (linked only)

CVSS 3.17.6 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-22

PublishedFeb 2, 2026

Last enriched11d ago

Trending Score27

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-34043EXP

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When seri

Trending: 53

MEDIUMCVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen

Trending: 34

MEDIUMCVE-2025-14923

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe

Trending: 34

HIGHPRE-CVE

Multiple Vulnerabilities in IBM SPSS Allow Cross-Site Scripting, Denial of Service, and File Manipulation

Trending: 27

HIGHCVE-2026-1343EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Trending: 25

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 2, 2026

Discovered by ZDM

Apr 1, 2026