Denial of Service Vulnerability in IBM WebSphere Application Server
CVE-2026-4410

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server - Liberty; Websphere Application Server
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-4410?

IBM WebSphere Application Server, including versions 19.0.0.7 through 26.0.0.5, as well as versions 9.0 and 8.5, is susceptible to a denial of service vulnerability. This issue arises when a specially-crafted request is sent to the server, potentially leading it to exhaust its memory resources. A remote attacker can exploit this vulnerability to disrupt service availability, highlighting the need for immediate attention and remediation. For detailed mitigation strategies, refer to the vendor advisory.

Affected Version(s)

WebSphere Application Server 9.0

WebSphere Application Server 8.5

WebSphere Application Server - Liberty 19.0.0.7 <= 26.0.0.5

References

https://www.ibm.com/support/pages/node/7273424

vendor-advisorypatch

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Mar 19, 2026

CVE-2026-4410 Data

JSON