
IBM DevOps Plan EUVD-2026-36252 | CVE-2026-4096 MEDIUM
Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)
2026-06-11 ibm GHSA-p4v4-3mfq-ffjr
6.1 (CVSS 3.1 · NVD)

Severity by source

Vendor (ibm), primary: MEDIUM (qualitative)
NVD: 6.1 MEDIUM, AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI: 6.5 MEDIUM

Network-reachable with no credentials required; cache poisoning path justifies UI:N; bounded C:L/I:L because session data and content integrity are affected but full system compromise is not.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

CVSS changed: Jun 16, 2026 - 16:37 (NVD), 6.5 (MEDIUM) → 6.1 (MEDIUM)
Analysis Generated: Jun 11, 2026 - 15:48 (vuln.today)

Description (NVD)

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Analysis (AI)

HTTP header injection in IBM DevOps Plan 3.0.0 through 3.0.6 allows unauthenticated remote attackers to inject arbitrary HTTP headers by supplying a malicious HOST header value that the application fails to sanitize. The vulnerability (CWE-644) can be leveraged to mount cross-site scripting attacks against users, poison intermediate caches with attacker-controlled content, or hijack authenticated sessions. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Send HTTP request with malicious HOST header
Delivery: Application reflects HOST header unsanitized in response
Exploit: Poisoned response cached by proxy or CDN
Execution: Victim requests cached resource
Impact: Attacker-controlled script executes in victim browser or session token exfiltrated

Vulnerability Assessment (AI)

Exploitation: The CVSS vector AV:N/AC:L/PR:N/UI:N indicates no special conditions are required for the injection act itself - an unauthenticated attacker with network access to the IBM DevOps Plan HTTP interface can send a malformed HOST header. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) accurately reflects the network-reachable, zero-authentication, low-complexity nature of the injection vector itself. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker sends an HTTP request to IBM DevOps Plan with a crafted HOST header (e.g., `Host: attacker.com`) targeting the application's link-generation or redirect functionality; the server reflects this value unsanitized into a response (e.g., a password-reset URL or a Location header), which a cached proxy stores and serves to subsequent legitimate users. Victims loading the poisoned page execute attacker-controlled JavaScript (XSS), or are redirected to an attacker-controlled domain for credential harvesting. …

Remediation: Apply the vendor-released patch per IBM's advisory at https://www.ibm.com/support/pages/node/7275005. … Detailed patch versions, workarounds, and compensating controls in full report.
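As an added illustration (not IBM's code and not part of this record), the link-generation pattern behind this bug class is shown beside a hardened version that validates the Host header against an allow-list and builds absolute URLs from configuration rather than from the request; the host names and canonical base URL are constructed placeholders for a deployment's settings:

```python
"""Host-header handling: the reflective pattern beside a hardened one.

Added illustration, not IBM code. ALLOWED_HOSTS and CANONICAL_BASE are
constructed placeholder values standing in for a deployment's configuration.
"""
import re
from typing import Optional
from urllib.parse import urljoin

ALLOWED_HOSTS = {"plan.example.internal", "plan.example.internal:8443"}  # constructed
CANONICAL_BASE = "https://plan.example.internal/"                      # constructed

# Syntactic host[:port] only: DNS labels, optional numeric port. Anything else,
# including CR/LF, spaces or a NUL, is not a Host value and must not be echoed.
_HOST_RE = re.compile(
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
    r"(?::[0-9]{1,5})?"
)


def reset_link_vulnerable(host_header: str, token: str) -> str:
    """The pattern described in the scenario above: the absolute URL embeds
    whatever the client sent as Host, so a cache can store an attacker-chosen
    origin in a link handed to later users."""
    return f"https://{host_header}/reset?token={token}"


def host_is_allowed(host_header: Optional[str]) -> bool:
    """Accept a Host value only if it is syntactically a host[:port] AND on the
    allow-list. fullmatch (not match) is used so a trailing newline cannot
    slip past an end-of-string anchor."""
    if not host_header:
        return False
    if not _HOST_RE.fullmatch(host_header):
        return False
    return host_header.lower() in ALLOWED_HOSTS


def reset_link_hardened(host_header: Optional[str], token: str) -> str:
    """Validate Host first, then build the link from the configured canonical
    base, never from the request. A bad Host is a hard failure (the caller
    should answer 400), not a silently corrected value, so a poisoned
    response is never produced for a proxy or CDN to cache."""
    if not host_is_allowed(host_header):
        raise ValueError("rejected Host header")
    return urljoin(CANONICAL_BASE, f"reset?token={token}")
```

The same allow-list check belongs in front of every code path that reflects the request host (redirects, Location headers, absolute links in mail), and a rejected Host is worth logging since it is a cheap signal of probing.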



EUVD-2026-36252 vulnerability details – vuln.today
