CVE-2026-3621
MEDIUM WAF: Low
CVSS 5.9
Published: 2026-04-23
CWE-269
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | websphere_application_server | 17.0.0.3 - 26.0.0.5 |
References
- www.ibm.com (Vendor Advisory)