PatchSiren cyber security CVE debrief
CVE-2026-4096 IBM CVE debrief
CVE-2026-4096 is a medium-severity vulnerability affecting IBM DevOps Plan versions 3.0.0 through 3.0.6. The vulnerability is caused by improper validation of input in the HTTP Host header, leading to HTTP header injection. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.
- Vendor: IBM
- Product: DevOps Plan
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of IBM DevOps Plan 3.0.0 through 3.0.6 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 6.5 and is classified as CWE-644. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the necessary patches or updates provided by IBM to fix the vulnerability.
- Review and update the configuration of IBM DevOps Plan to ensure proper validation of the Host header.
- Monitor the system for any suspicious activity and implement additional security measures if necessary.
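As an added example (not IBM's code or fix), the following sketch shows strict Host header validation of the kind a reverse proxy or middleware placed in front of an affected service could enforce while patches are rolled out. The function names, the allowlisted hostname and the sample values are constructed for illustration, and the check assumes the service is reached by DNS name on port 443.

```python
import re

# Hostname labels per RFC 1123: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_host_header(raw):
    """Return (host, port) for a well-formed Host value, or None if it must be rejected."""
    if not raw or len(raw) > 255:
        return None
    # CR, LF, other control characters and whitespace are what enable header injection.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw):
        return None
    # Only host[:port] is accepted: no userinfo, path, query or second host.
    if any(c in raw for c in "@/\\?#,"):
        return None
    host, sep, port = raw.rpartition(":")
    if not sep:
        host, port = raw, ""
    elif not (port.isascii() and port.isdigit() and 0 < int(port) <= 65535):
        return None
    host = host.lower().rstrip(".")
    # Bracketed IPv6 literals fail the label check and are rejected (assumption above).
    if not host or not all(_LABEL.match(label) for label in host.split(".")):
        return None
    return host, (int(port) if port else None)


def is_allowed_host(raw, allowed_hosts, allowed_ports=(None, 443)):
    """Accept only syntactically valid Host values naming an allowlisted host and port."""
    parsed = parse_host_header(raw)
    if parsed is None:
        return False
    host, port = parsed
    return host in allowed_hosts and port in allowed_ports


ALLOWED = {"plan.example.internal"}  # constructed allowlist
SAMPLES = [  # constructed Host values
    "plan.example.internal",
    "PLAN.example.internal:443",
    "other.example",
    "plan.example.internal\r\nX-Injected: 1",
    "plan.example.internal@other.example",
    "plan.example.internal:8443",
]

if __name__ == "__main__":
    for value in SAMPLES:
        verdict = "accept" if is_allowed_host(value, ALLOWED) else "reject (400)"
        print(repr(value), "->", verdict)
```

Requests that fail the check should be answered with a 400 and logged, which also gives the monitoring step a concrete signal to alert on.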
Evidence notes
The CVE record was published on 2026-06-11T16:16:24.140Z and modified on 2026-06-11T20:56:29.653Z. The vulnerability was reported by [email protected].
Official resources
- CVE-2026-4096 CVE record (CVE.org)
- CVE-2026-4096 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-4096 was published on 2026-06-11T16:16:24.140Z.