CVE-2026-11595
Received - Intake

IBM WebSphere Admin Console Help Information Disclosure

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: IBM Corporation

Description

IBM WebSphere Application Server 9.0 and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system.

Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-07-01
AI Q&A: 2026-06-30
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs

Vendor    Product                         Version / Range
ibm       websphere_application_server    9.0
ibm       websphere_application_server    8.5

Exploitability

CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Executive Summary

CVE-2026-11595 is a path traversal vulnerability in IBM WebSphere Application Server versions 9.0 and 8.5. It allows a remote attacker to obtain sensitive information from the administrative console's integrated help system.

The vulnerability can be exploited by an attacker on an adjacent network without requiring any privileges or user interaction.

Impact Analysis

This vulnerability impacts confidentiality by allowing unauthorized access to sensitive information through the administrative console's help system.

There is no impact on integrity or availability.

The severity is considered medium with a CVSS base score of 4.3.

Mitigation Strategies

IBM recommends applying an interim fix or fix pack to address the vulnerability in IBM WebSphere Application Server.

There are currently no workarounds available for this issue.

Fixes are targeted for availability in the third quarter of 2026.

Compliance Impact

The vulnerability in IBM WebSphere Application Server allows a remote attacker to obtain sensitive information from the administrative console's integrated help system, which impacts confidentiality.

Since the vulnerability leads to unauthorized disclosure of sensitive information, it could potentially affect compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data.

However, the provided information does not explicitly discuss the direct impact on compliance with these regulations or any specific compliance requirements.
