Zero Day MonitorZDM

← Back to list

5.4

CVE-2026-1561PATCHED

ibm · websphere_application_server

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Affected Products

Vendor	Product	Versions
ibm	websphere_application_server	< 26.0.0.4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	i	cert_advisory	90%
ibm	datapower	cert_advisory	90%
ibm	websphere application	cert_advisory	90%

References

https://www.ibm.com/support/pages/node/7267347(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories15h ago

[UPDATE] [mittel] IBM WebSphere Application Server Liberty: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.15.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

26.0.0.4

CWECWE-918

PublishedMar 25, 2026

Last enriched6d ago

Trending Score22

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALPRE-CVE

Multiple Critical Vulnerabilities in Various IBM Products

HIGHCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

MEDIUMCVE-2025-14923

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe

MEDIUMCVE-2025-14915

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the

MEDIUMCVE-2025-36375EXP

IBM DataPower Gateway vulnerable to CSRF

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Mar 25, 2026

Patch Available

Mar 30, 2026

Discovered by ZDM

Apr 1, 2026