CVE-2026-3621 | THREATINT

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.

PUBLISHED Reserved 2026-03-05 | Published 2026-04-22 | Updated 2026-04-24 | Assigner ibm

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

17.0.0.3 (semver)

affected

References

www.ibm.com/support/pages/node/7270437 vendor-advisory patch

cve.org (CVE-2026-3621)

nvd.nist.gov (CVE-2026-3621)

Download JSON