CVE-2026-9170
IBM WebSphere App Server Plug-ins DoS/RCE Vulnerability
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | websphere_application_server | 8.5 |
| ibm | websphere_application_server | 9.0 |
| ibm | web_server_plug_ins_for_websphere_application_server | * |
| ibm | web_server_plug_ins_for_websphere_liberty | * |
| ibm | websphere_liberty | 9.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-444 | The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. It is caused by improper input validation, which can lead to a denial of service and potentially allow remote code execution.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a denial of service, which means the affected server or application could become unavailable. Additionally, there is a potential risk of remote code execution, which could allow an attacker to execute arbitrary code on the affected system.