1. A security incident was identified involving active exploitation attempts against our Broadcom Layer7 API Gateway 11.0,
which is exposed to the internet in a couple of environments.
The observed activity matches the vulnerability described in CVE-2026-1180.
2. Affected / Targeted Endpoints
The attacker issued requests against the following publicly exposed endpoints:
/openid/connect/register
/openid/connect/register/*
/openid/connect/jwks.json
/.well-known/openid-configuration
/openid/connect/v1/userinfo
The activity is consistent with CVE-2026-1180, specifically:
Exposure of OpenID Connect Dynamic Client Registration to external clients
Insufficient validation of user-controlled registration parameters (e.g. jwks_uri), which the Gateway later fetches server-side
Abuse of the externally reachable OIDC endpoints to inject malicious payloads
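The jwks_uri problem in concrete terms, as an added illustration that is not Layer7 or OTK code (the Gateway's own checks live in policy, not Python): a registration handler that stores any syntactically valid URL lets the attacker point the Gateway's later JWKS fetch at a cloud metadata address or an internal service. The hardened check below mandates https, refuses credentials in the URL, and rejects literal non-public addresses and internal hostnames. The function names, the BLOCKED_HOSTNAMES list and the error shape are assumptions made for the example.

```python
"""Validation of a client-supplied jwks_uri at OIDC dynamic registration time.

Added example, not Layer7/OTK code.  Function names, the blocked-host list
and the registration response layout are assumptions for illustration.
"""
import ipaddress
import secrets
from urllib.parse import urlsplit

# Hostnames the Gateway must never fetch from server-side (constructed list).
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}


def accept_jwks_uri_weak(jwks_uri: str) -> bool:
    """The insufficient check: any URL with a scheme and a host is stored and
    later fetched by the Gateway, so http://169.254.169.254/... or an
    internal service address is accepted (the SSRF primitive)."""
    parts = urlsplit(jwks_uri)
    return bool(parts.scheme and parts.netloc)


def validate_jwks_uri(jwks_uri: str) -> tuple[bool, str]:
    """Hardened check: https only, no userinfo, no non-public literal
    addresses, no internal hostnames.  Returns (accepted, reason)."""
    parts = urlsplit(jwks_uri)
    if parts.scheme.lower() != "https":
        return False, "scheme must be https"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    host = parts.hostname.lower()
    if host in BLOCKED_HOSTNAMES or host.endswith((".internal", ".local")):
        return False, "internal hostname"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Named host: still safe only if the resolved address is re-checked
        # at fetch time (DNS rebinding) and redirects are not followed.
        return True, "ok"
    if not addr.is_global:
        # Covers loopback, RFC 1918, link-local (169.254.0.0/16), ULA, etc.
        return False, "non-public address"
    return True, "ok"


def register_client(metadata: dict) -> dict:
    """Registration handler sketch (assumption): reject the request instead
    of storing a jwks_uri that the Gateway would later fetch."""
    uri = metadata.get("jwks_uri")
    if uri is not None:
        ok, reason = validate_jwks_uri(uri)
        if not ok:
            return {"error": "invalid_client_metadata",
                    "error_description": f"jwks_uri rejected: {reason}"}
    return {"client_id": secrets.token_urlsafe(16), "jwks_uri": uri}


if __name__ == "__main__":
    for candidate in ("http://169.254.169.254/latest/meta-data/",
                      "https://10.0.0.5/jwks",
                      "https://[::1]/jwks",
                      "https://idp.example.com/.well-known/jwks.json"):
        print(candidate, "weak:", accept_jwks_uri_weak(candidate),
              "hardened:", validate_jwks_uri(candidate))
```

The literal-address check is necessary but not sufficient: a named host passes here and must be re-validated against the resolved address when the Gateway actually performs the fetch, with HTTP redirects disabled, otherwise a DNS rebind or a 302 to an internal address reintroduces the SSRF.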
We request official confirmation from Broadcom regarding whether the following are affected:
CA API Gateway 11.0, 11.1.x
OTK 4.6.x
Externally reachable OIDC endpoints
Immediate mitigation actions you may take:
1. Disable all externally exposed OpenID Connect endpoints:
/openid/connect/register
/openid/connect/register/*
/openid/connect/jwks.json
/.well-known/openid-configuration
/openid/connect/v1/userinfo
2. Block any identified malicious source IP addresses at your perimeter.
3. Keep monitoring for unusual outbound HTTP requests from the Gateway, since the vulnerability involves the server
being coerced into making unauthorized HTTP requests (SSRF); outbound requests to internal addresses or to non-https URLs
triggered by a client registration are the signal to look for.
- The final fix for CVE-2026-1180 will be provided in OTK version 4.7.1, which secures the jwks_uri URL (https is mandated by default). Until that version is deployed, treat any registered client whose jwks_uri is not https as suspect.
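Triage of the exposed endpoints against Gateway access logs, as an added example that is not part of this notice and not Layer7 tooling. It counts hits per source IP on the five endpoints listed above and flags sources that repeatedly POST to /openid/connect/register, the step an attacker needs in order to plant a jwks_uri; the flagged list is what feeds mitigation action 2. The log line layout, the sample lines and the threshold are constructed assumptions; adapt the regex to the real Gateway audit format.

```python
"""Access-log triage for the externally exposed OIDC endpoints.

Added example, not Layer7 code.  Log layout, sample lines and threshold are
constructed assumptions for illustration.
"""
import re
from collections import Counter, defaultdict

# Endpoints listed in this notice; /openid/connect/register/* is covered by
# prefix matching on /openid/connect/register.
OIDC_PATHS = (
    "/openid/connect/register",
    "/openid/connect/jwks.json",
    "/.well-known/openid-configuration",
    "/openid/connect/v1/userinfo",
)

# Assumed combined-log-style layout: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2026:10:01:02 +0000] "POST /openid/connect/register HTTP/1.1" 201 512
203.0.113.7 - - [12/Mar/2026:10:01:03 +0000] "POST /openid/connect/register HTTP/1.1" 400 88
203.0.113.7 - - [12/Mar/2026:10:01:04 +0000] "GET /openid/connect/register/abc123 HTTP/1.1" 200 640
198.51.100.9 - - [12/Mar/2026:10:02:00 +0000] "GET /.well-known/openid-configuration HTTP/1.1" 200 1024
198.51.100.9 - - [12/Mar/2026:10:02:01 +0000] "GET /openid/connect/jwks.json HTTP/1.1" 200 420
192.0.2.33 - - [12/Mar/2026:10:03:00 +0000] "GET /api/orders HTTP/1.1" 200 2048
203.0.113.7 - - [12/Mar/2026:10:04:00 +0000] "GET /openid/connect/v1/userinfo HTTP/1.1" 401 0
"""


def match_oidc_path(path: str):
    """Return the listed endpoint a request path belongs to, or None.
    The query string is dropped; /openid/connect/register/<id> maps to the
    register endpoint, /openid/connect/registerx does not."""
    path = path.split("?", 1)[0]
    for known in OIDC_PATHS:
        if path == known or path.startswith(known + "/"):
            return known
    return None


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text: str, register_threshold: int = 2):
    """Count OIDC endpoint hits per source IP and flag IPs whose POSTs to the
    registration endpoint reach the threshold.  Returns (hits, suspicious)."""
    hits = defaultdict(Counter)
    registrations = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        endpoint = match_oidc_path(rec["path"])
        if endpoint is None:
            continue
        hits[rec["ip"]][endpoint] += 1
        if endpoint == "/openid/connect/register" and rec["method"] == "POST":
            registrations[rec["ip"]] += 1
    suspicious = sorted(ip for ip, n in registrations.items() if n >= register_threshold)
    return dict(hits), suspicious


if __name__ == "__main__":
    per_ip, flagged = triage(SAMPLE_LOG)
    for ip, counts in per_ip.items():
        print(ip, dict(counts))
    print("candidates for perimeter block:", flagged)
```

Read-only hits on /.well-known/openid-configuration and /openid/connect/jwks.json are normal discovery traffic and are reported but not flagged on their own; a source that registers clients and then calls /openid/connect/v1/userinfo, as 203.0.113.7 does in the sample, is the pattern worth correlating with the Gateway's outbound request log from action 3.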