Denial of Service Vulnerability in IBM WebSphere Application Server
CVE-2026-9071

7.5 HIGH

What is CVE-2026-9071?

IBM WebSphere Application Server versions 9.0 and 8.5, along with WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6, are susceptible to a denial of service attack. A remote attacker can trigger the vulnerability by sending a specially crafted request that causes the server to consume excessive memory. Organizations running affected versions are advised to apply patches promptly to mitigate the risk of service disruption.

Affected Version(s)

WebSphere Application Server 9.0.0 <= 7.0.2 Interim Fix 035

WebSphere Application Server 8.5.0 <= 7.0.3 Interim Fix 017

WebSphere Application Server - Liberty 17.0.0.3 <= 26.0.0.6

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
