CVE-2026-8855
Received
Received - Intake
IBM HTTP Server Remote Code Execution and DoS with TLS Mutual Auth
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: IBM Corporation
Description
Description
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | http_server | 8.5 |
| ibm | http_server | 9.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM HTTP Server versions 8.5 and 9.0 when configured with TLS mutual authentication (client authentication). It allows an attacker to remotely execute code or cause a denial of service on the affected server.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to remote code execution, allowing an attacker to run arbitrary code on the server without authorization. It can also cause denial of service, potentially making the server unavailable to legitimate users.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70