CVE-2026-9319
Analyzed Analyzed - Analysis Complete
Remote Code Execution in IBM WebSphere Application Server

Publication date: 2026-06-01

Last updated on: 2026-06-04

Assigner: IBM Corporation

Description
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-04
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-9319
EUVD
EUVD-2026-33737
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm websphere_application_server From 8.5.0.0 (inc) to 8.5.5.30 (exc)
ibm websphere_application_server From 9.0.0.0 (inc) to 9.0.5.29 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9319 is a critical vulnerability in IBM WebSphere Application Server versions 9.0 and 8.5. It arises from the deserialization of untrusted data via JAX-WS endpoints that use WS-Security. This flaw allows an attacker to potentially execute arbitrary code remotely on the affected system.

Impact Analysis

This vulnerability can lead to remote code execution, meaning an attacker could run malicious code on your server without authorization. Given the high CVSS score of 9.0, the impact includes complete compromise of confidentiality, integrity, and availability of the affected system, potentially leading to data breaches, service disruption, or further network compromise.

Mitigation Strategies

IBM recommends applying interim fixes or upgrading to specific fix packs to address the vulnerability in IBM WebSphere Application Server versions 9.0 and 8.5.

No workarounds are currently available, so applying the provided fixes is the immediate mitigation step.

Customers should evaluate the impact of this vulnerability in their environments and prioritize patching accordingly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart