CVE-2026-8856
Analyzed
Analyzed - Analysis Complete
IBM HTTP Server Configuration Denial of Service
Vulnerability report for CVE-2026-8856, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: IBM Corporation
Description
Description
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | http_server | From 8.5.0.0 (inc) to 8.5.5.30 (exc) |
| ibm | http_server | From 9.0.0.0 (inc) to 9.0.5.29 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |