CVE-2026-1561
Server-Side Request Forgery in IBM WebSphere Liberty
Publication date: 2026-03-25
Last updated on: 2026-03-30
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | websphere_application_server | From 17.0.0.3 (inc) to 26.0.0.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can allow a remote attacker to send unauthorized requests from your system.
This may lead to network enumeration, which means the attacker can gather information about your internal network.
Additionally, it could facilitate other attacks that leverage the ability to send unauthorized requests.
Can you explain this vulnerability to me?
IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.3 are vulnerable to a server-side request forgery (SSRF) vulnerability.
This vulnerability allows a remote attacker to send unauthorized requests from the affected system.
Such unauthorized requests can potentially lead to network enumeration or facilitate other attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-1561 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability occurs when the samlWeb-2.0 feature is enabled in IBM WebSphere Application Server Liberty. To detect if your system is vulnerable, you should verify whether the samlWeb-2.0 feature is enabled.
IBM provides guidance on determining feature usage within Liberty, which can help identify if the samlWeb-2.0 feature is active. However, specific commands to check this are not provided in the available resources.
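As an added example (not IBM's tooling and not from the resources cited here), the following Python check covers the two facts the advisory hinges on: whether `samlWeb-2.0` is listed under `<featureManager>` in a Liberty `server.xml`, and whether the installed fix pack falls inside 17.0.0.3 (inclusive) to 26.0.0.4 (exclusive). The `server.xml` content and version string below are constructed sample data; on a real server the version comes from `wlp/bin/productInfo version` and the config from the server's own `server.xml`.

```python
import xml.etree.ElementTree as ET

# Affected range taken from the advisory: from 17.0.0.3 (inclusive) to 26.0.0.4 (exclusive).
AFFECTED_FROM = (17, 0, 0, 3)
FIXED_IN = (26, 0, 0, 4)
VULNERABLE_FEATURE = "samlWeb-2.0"

# Constructed sample server.xml (not taken from any real deployment). Liberty enables
# features through <featureManager><feature>...</feature></featureManager>.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>samlWeb-2.0</feature>
  </featureManager>
  <httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443"/>
</server>
"""

def parse_version(text):
    """'26.0.0.3' -> (26, 0, 0, 3); tuple comparison orders fix packs correctly."""
    return tuple(int(part) for part in text.strip().split("."))

def version_affected(version):
    """True when the installed fix pack lies inside the advisory's affected range."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN

def enabled_features(server_xml):
    """Collect <feature> names under every <featureManager> element.
    Limitation: <include> references to other config files are not followed."""
    root = ET.fromstring(server_xml)
    return {f.text.strip() for fm in root.iter("featureManager")
            for f in fm.findall("feature") if f.text}

def assess(server_xml, version):
    """Combine the two checks: affected version AND the samlWeb-2.0 feature enabled."""
    feats = {name.lower() for name in enabled_features(server_xml)}
    feature_on = VULNERABLE_FEATURE.lower() in feats  # Liberty feature names are case-insensitive
    affected = version_affected(version)
    return {"version_affected": affected, "feature_enabled": feature_on,
            "needs_fix": affected and feature_on}

if __name__ == "__main__":
    print(assess(SAMPLE_SERVER_XML, "26.0.0.3"))
```

A server whose version is in range but without the feature is reported as not needing the fix for this CVE, which matches the advisory's condition; it should still be patched on the normal schedule.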
What immediate steps should I take to mitigate this vulnerability?
IBM recommends remediation by applying the interim fix associated with APAR PH70017 or upgrading to Liberty Fix Pack 26.0.0.4 or later.
Users should first upgrade to the minimal fix pack levels required by the interim fix before applying it.
There are no known workarounds or mitigations available other than applying the interim fix or upgrading.