{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1561", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-01-28T19:33:31.826Z", "datePublished": "2026-03-25T20:10:10.168Z", "dateUpdated": "2026-03-25T20:11:57.041Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T20:11:57.041Z"}, "title": "IBM WebSphere Application Server Liberty Server-Side Request Forgery", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "WebSphere Application Server Liberty", "versions": [{"status": "affected", "version": "17.0.0.3", "lessThanOrEqual": "26.0.0.3", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:26.0.0.3:*:*:*:liberty:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267347", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Remediation/Fixes IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70017 . To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature . For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.3 using the samlWeb-2.0 feature: \u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH70017 --OR-- \u00b7 Apply Liberty Fix Pack 26.0.0.4 or later (targeted availability 2Q2026). Additional interim fixes may be available and linked off the interim fix download page.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Remediation/Fixes IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70017 . To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature . For IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.3 using the samlWeb-2.0 feature: \u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH70017 --OR-- \u00b7 Apply Liberty Fix Pack 26.0.0.4 or later (targeted availability 2Q2026). Additional interim fixes may be available and linked off the interim fix download page.</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks."}], "id": "CVE-2026-1561", "lastModified": "2026-03-25T21:16:28.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T21:16:28.680", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7267347"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T21:28:02.909128+00:00", "value": {"mitigation_remediation": ["Determine whether the samlWeb-2.0 feature is enabled.", "Upgrade to the minimum required fix pack level and apply Interim Fix PH70017.", "Alternatively, install Liberty Fix Pack 26.0.0.4 or later.", "Verify that the fix has been applied and the server is no longer able to send unauthorized requests."], "summary": {"action": "Patch Now", "impact": "Remote Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The affected product is IBM WebSphere Application Server Liberty. Versions ranging from 17.0.0.3 up to and including 26.0.0.3 are impacted. The issue is tied to the samlWeb\u20112.0 feature, so deployments using that feature are exposed.", "description_and_impact": "The vulnerability is a server\u2011side request forgery (SSRF) in IBM WebSphere Application Server Liberty, affecting versions 17.0.0.3 through 26.0.0.3. It allows a remote attacker to cause the application server to send arbitrary HTTP requests to internal or external resources. This can lead to network enumeration, discovery of hidden services, or enable other attacks that depend on the information or access obtained. The weakness is identified as CWE\u2011918.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The described SSRF can be triggered remotely, likely by sending crafted requests to the Liberty server over HTTP or HTTPS. Because the vulnerability allows an attacker to issue outgoing requests without authentication, the risk is significant for systems that rely on internal network isolation. Mitigation is recommended as soon as possible."}}}}, "created": "2026-03-25T21:46:17.242146+00:00", "updated": "2026-03-25T21:46:17.242171+00:00", "vendors": []}