CVE-2026-8856

HIGH

IBM HTTP Server is affected by multiple vulnerabilities

Title source: cna
STIX 2.1

Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7274065

Scores

CVSS v3 7.7
EPSS 0.0020
EPSS Percentile 9.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (3)
IBM/HTTP Server 8.5.0 - Interim Fix 002
IBM/HTTP Server 9.0
ibm/http_server 8.5.0.0 - 8.5.5.30
Published May 26, 2026
Tracked Since May 26, 2026