CVE-2026-8620

🗓️ 26 May 2026 17:15:00Reported by ibmType

CVE-2026-8620: IBM WebSphere Server and Liberty plug-ins enable HTTP request smuggling.

Reporter	Title	Published	Views	Family All 24
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	8 Jun 202619:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	27 May 202618:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	8 Jun 202622:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.	10 Jun 202610:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	8 Jun 202622:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-8633 and CVE-2026-8620)	29 May 202616:45	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2026-8633, CVE-2026-8620)	9 Jun 202614:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server	28 May 202619:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	8 Jun 202619:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)	8 Jun 202622:03	–	ibm

NVD

Vulners

Node

ibm websphere_application_serverRange8.5.0.0–8.5.5.30-

ibm websphere_application_serverRange8.5.0.0–8.5.5.30liberty

ibm websphere_application_serverRange9.0.0.0–9.0.5.28-

ibm websphere_application_serverRange9.0.0.0–9.0.5.28liberty

[
  {
    "vendor": "IBM",
    "product": "Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty",
    "versions": [
      {
        "status": "affected",
        "version": "8.5, 9.0",
        "lessThanOrEqual": "Interim Fix 002",
        "versionType": "semver"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ibm:web_server_plug_ins_for_websphere_application_server_and_websphere_liberty:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:web_server_plug_ins_for_websphere_application_server_and_websphere_liberty:8.5.0:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7274072

02 Jun 2026 18:40Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.00232

SSVC

CWE-444