CVE-2026-8855

HIGH

IBM HTTP Server is affected by multiple vulnerabilities

Title source: cna
STIX 2.1

Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7274065

Scores

CVSS v3 8.1
EPSS 0.0046
EPSS Percentile 36.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (3)
IBM/HTTP Server 8.5.0 - Interim Fix 002
IBM/HTTP Server 9.0
ibm/http_server 8.5.0.0 - 8.5.5.30
Published May 26, 2026
Tracked Since May 26, 2026