CVSS 7.5 · HIGH

CVE-2026-3621

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.


Analysis

IBM WebSphere Application Server Liberty (versions 17.0.0.3 to 26.0.0.4) is vulnerable to identity spoofing. This allows attackers to impersonate other users, potentially bypassing access controls in Java-based enterprise applications that rely on the server for identity context.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: HIGH
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-269

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.1%)
Percentile: 15.5%
EPSS date: 2026-05-06

Technical description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.

Published: 4/23/2026, 12:16:45 AM
Last modified: 4/24/2026, 2:50:56 PM
