Remote Code Execution Vulnerability in IBM Web Server Plug-ins for WebSphere
CVE-2026-8633

9.8CRITICAL

Key Information:

Vendor: IBM
Status: Web Server Plug-ins For Websphere Application Server And Websphere Liberty
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-8633?

IBM WebSphere Application Server and WebSphere Liberty are susceptible to a remote code execution vulnerability due to insecure handling of specially crafted requests in the Web Server Plug-ins. This could potentially allow an attacker to execute arbitrary code on affected systems, posing significant security risks. Users are advised to review the advisory and apply the necessary patches to mitigate this vulnerability.

Affected Version(s)

Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0

References

https://www.ibm.com/support/pages/node/7274072

vendor-advisorypatch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 14, 2026

CVE-2026-8633 Data

JSON