A vulnerability categorized as critical has been discovered in IBM DevOps Plan up to 3.0.6 . Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler . The manipulation results in improper neutralization of http headers for scripting syntax. This vulnerability is reported as CVE-2026-4096 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.