Remote Code Execution Risk in IBM WebSphere Server by IBM
CVE-2026-8858

7.5HIGH

Key Information:

Vendor: IBM
Status: I
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-8858?

The IBM WebSphere Application Server and its Liberty variant are susceptible to vulnerabilities in the WebSphere Web Server Plug-in. An attacker can exploit this by impersonating the application server and sending specially crafted responses to the plug-in, potentially leading to remote code execution and service disruptions. Users are advised to apply the necessary patches and updates to safeguard their systems.

Affected Version(s)

i 7.6.0 <= 1.8.4

i 7.5.0

i 7.4.0

References

https://www.ibm.com/support/pages/node/7277344

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-8858 Data

JSON