Authentication Bypass Vulnerability in IBM WebSphere Application Server
CVE-2026-10845

7.3HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Server
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-10845?

The vulnerability in IBM WebSphere Application Server versions 8.5 and 9.0 allows remote attackers to bypass authentication mechanisms. By exploiting this flaw, attackers can gain unauthorized access to sensitive JAX-WS applications, jeopardizing data integrity and security. Organizations using these versions are strongly advised to apply the latest patches to mitigate potential threats.

Affected Version(s)

WebSphere Application Server 8.5.0 <= 7.0.2 Interim Fix 035

WebSphere Application Server 9.0.0 <= 7.0.3 Interim Fix 017

References

https://www.ibm.com/support/pages/node/7276597

vendor-advisorypatch

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10845 Data

JSON