Path traversal in IBM WebSphere Application Server - CVE-2026-11595

 


Published: July 2, 2026 / Updated: July 2, 2026


Vulnerability identifier: #VU136697
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-11595
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM WebSphere Application Server

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain sensitive information.

The vulnerability exists due to an input validation error when processing directory traversal sequences. An adjacent attacker can send a specially crafted HTTP request and obtain sensitive information from the administrative console's integrated help system.


How to mitigate CVE-2026-11595

Install updates from the vendor's website.
