Denial of Service Vulnerability in IBM HTTP Server 8.5 and 9.0
CVE-2026-8850

7.5HIGH

Key Information:

Vendor: IBM
Status: Http Server
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-8850?

IBM HTTP Server versions 8.5 and 9.0 are vulnerable to a denial of service attack through the optional mod_ibm_upload module. An attacker can exploit this vulnerability to disrupt service availability, potentially leading to unplanned downtime and loss of access to resources for users. Organizations utilizing these versions should review their configurations and apply the necessary patches recommended by IBM to mitigate this risk.

Affected Version(s)

HTTP Server 8.5.0

HTTP Server 9.0

References

https://www.ibm.com/support/pages/node/7274065

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8850 Data

JSON