WebSphere Application Server Liberty EUVD-2026-25131

CVE-2026-3621 | HIGH | CVSS 3.1: 7.5
Improper Privilege Management (CWE-269)
2026-04-22 | ibm | GHSA-r6x6-g36w-q7qm

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 23, 2026 - 06:56 (vuln.today)

Description (NVD)

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.4 is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.

Analysis (AI)

Identity spoofing in IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.4 allows authenticated attackers with low privileges to impersonate other users and escalate privileges when applications are deployed without proper authentication and authorization controls. The vulnerability requires high attack complexity and low-privilege credentials, but enables complete compromise of confidentiality, integrity, and availability within the application scope. …

Remediation (AI)

Within 24 hours: Inventory all IBM WebSphere Application Server Liberty deployments and identify instances running versions 17.0.0.3 through 26.0.0.4. Within 7 days: Apply IBM vendor-released patch to all affected Liberty instances; consult IBM advisory for specific remediation version numbers. …
