CVE-2026-9170
CRITICALIBM WebSphere Application Server and WebSphere Application Server Liberty are affected DOS and RCE.
Title source: cnaDescription
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7274065
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7274072
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
37.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (5)
IBM/HTTP Server
8.5
IBM/HTTP Server
9.0
ibm/http_server
8.5.0.0
ibm/http_server
9.0.0.0
IBM/Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty
8.5, 9.0
Published
May 26, 2026
Tracked Since
May 26, 2026