IBM WAS Liberty Arbitrary File Read via restConnector-2.0 (17.0.0.3-26.0.0.6)
CVE-2026-11806 Published on June 30, 2026
IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
Vulnerability Analysis
CVE-2026-11806 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2026-11806 has been classified as an HTTP Request Smuggling vulnerability or weakness.
Affected Versions
IBM WebSphere Application Server - Liberty: versions 17.0.0.3 through 26.0.0.6 are affected.