CVE-2026-4096

6.5 MEDIUM

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers

Published: 2026-06-11 · Last updated: 2026-06-11

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-644

Description

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-4096
[Other]https://www.ibm.com/support/pages/node/7275005

Related CVEs

Same CWE

CVE-2026-48126 — Algernon is a small self-contained pure-Go web server (8.2 HIGH)
CVE-2026-33805 — @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the prox... (8.6 HIGH)