CVE-2026-8858

Description

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / i7.6 – 7.6
ibm / i7.6.0 – 7.6.0
ibm / i7.5 – 7.5
ibm / i7.5.0 – 7.5.0
ibm / i7.4 – 7.4
ibm / i7.4.0 – 7.4.0
ibm / i7.3 – 7.3
ibm / i7.3.0 – 7.3.0

References

MISChttps://www.ibm.com/support/pages/node/7277344