ThreatCluster

Critical XSS and Path Traversal Vulnerabilities in IBM WebSphere Application Server

First seen 6 Jul 2026, 13:56 UTC GbhackersCybersecuritynews 92% similarity 71

Article Content

Browse articles
ThreatCluster

IBM has disclosed critical vulnerabilities in its WebSphere Application Server, specifically CVE-2026-11712, CVE-2026-11595, and CVE-2026-11708, which affect widely used versions 8.5 and 9.0. These vulnerabilities enable cross-site scripting (XSS) and path traversal attacks, potentially allowing attackers to compromise administrative sessions and access sensitive data. The issues were published on June 30, 2026, and pose significant risks to enterprises relying on this platform for critical operations. Organizations are urged to assess their systems for these vulnerabilities and apply necessary mitigations. The vulnerabilities have been confirmed by IBM and are a serious concern for affected users.

Key Points: • IBM disclosed critical XSS and path traversal vulnerabilities in WebSphere Application Server. • Affected versions include widely deployed 8.5 and 9.0, with CVEs published on June 30, 2026. • Attackers could exploit these vulnerabilities to access sensitive data and compromise admin sessions.

ThreatCluster AI

Timeline

2026-06-30
CVE-2026-11595 published
IBM disclosed a critical XSS vulnerability affecting WebSphere Application Server versions 8.5 and 9.0.
Gbhackers
2026-06-30
CVE-2026-11712 published
IBM published details on a path traversal vulnerability in WebSphere Application Server, impacting versions 8.5 and 9.0.
Cybersecuritynews
2026-06-30
CVE-2026-11708 published
Another critical vulnerability affecting WebSphere Application Server was disclosed by IBM, raising security concerns.
Gbhackers

Community

Browse all →