CVE-2026-9072

Description

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / i7.6 – 7.6
ibm / i7.6.0 – 7.6.0
ibm / i7.5 – 7.5
ibm / i7.5.0 – 7.5.0
ibm / i7.4 – 7.4
ibm / i7.4.0 – 7.4.0
ibm / i7.3 – 7.3
ibm / i7.3.0 – 7.3.0

References

MISChttps://www.ibm.com/support/pages/node/7277344