Ghostwire
Home / Vulnerabilities / CVE-2026-4096

CVE-2026-4096: IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by...

MEDIUM CVSS 5.5

Published: June 11, 2026 | Last Modified: June 11, 2026

Description

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (15 articles)

Tenable CVEs
CVE-2026-4096
 Tenable CVEs
CVE-2026-40965
 Tenable CVEs
CVE-2026-40964
 CVE Feed
CVE-2026-40965 - Cloud Foundry UAA EC Private Key Exposure
 Tenable CVEs
CVE-2026-40961
 Tenable CVEs
CVE-2026-40963
 CVE Feed
CVE-2026-40969 - Spring gRPC AuthenticationException message reflected to remote client
 CVE Feed
CVE-2026-40968 - Spring gRPC SecurityContext leaks across requests on authorization failure
 Tenable CVEs
CVE-2026-40968
 Tenable CVEs
CVE-2026-40969
 CVE Feed
CVE-2026-40966 - VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
 Tenable CVEs
CVE-2026-40966
 CVE Feed
CVE-2026-40967 - Spring AI Unvalidated Filter Expression Converter Vulnerability (Code Injection)
 Tenable CVEs
CVE-2026-40967
 CVE Feed
CVE-2026-40962 - FFmpeg CENC Subsample Buffer Overflow Vulnerability

References