CVE-2026-9170
Modified Modified - Updated After Analysis
IBM WebSphere App Server Plug-ins DoS/RCE Vulnerability

Publication date: 2026-05-26

Last updated on: 2026-06-11

Assigner: IBM Corporation

Description
IBM HTTP Server 8.5, and 9.0Β is vulnerable to denial of service and a potential remote code execution due to improper input validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-11
Generated
2026-06-16
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9170
EUVD
EUVD-2026-31939
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm http_server 8.5.0.0
ibm http_server 9.0.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-444 The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2026-9170 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability affects IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0. It is caused by improper input validation, which can lead to a denial of service and potentially allow remote code execution.

Impact Analysis

The vulnerability can impact you by causing a denial of service, which means the affected server or application could become unavailable. Additionally, there is a potential risk of remote code execution, which could allow an attacker to execute arbitrary code on the affected system.

Mitigation Strategies

IBM recommends applying interim fixes or future fix packs (9.0.5.28+ or 8.5.5.30+) to address the vulnerability in IBM WebSphere Application Server and WebSphere Application Server Liberty when using the optional Web Server Plug-ins component.

No workarounds are currently available, so applying the provided fixes as soon as possible is the immediate mitigation step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart