Remote Code Execution and Denial of Service in IBM HTTP Server
CVE-2026-8855

8.1HIGH

Key Information:

Vendor: IBM
Status: Http Server
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-8855?

IBM HTTP Server versions 8.5 and 9.0 are susceptible to vulnerabilities that allow attackers to execute arbitrary code remotely and potentially disrupt service. This issue arises in settings where TLS mutual authentication (client authentication) is enabled, which could lead to severe consequences for security and operational integrity. Users should review the IBM security advisory for mitigating actions and patch availability.

Affected Version(s)

HTTP Server 8.5.0

HTTP Server 9.0

References

https://www.ibm.com/support/pages/node/7274065

vendor-advisorypatch

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8855 Data

JSON