Denial of Service and Remote Code Execution in IBM WebSphere Application Server and Plug-ins
CVE-2026-9170

7.5 HIGH

What is CVE-2026-9170?

IBM WebSphere Application Server and its associated plug-ins contain security flaws caused by inadequate input validation, which could lead to denial of service or allow remote code execution. The vulnerability underlines the importance of robust input validation in server environments to protect against malicious exploitation.

Affected Version(s)

Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
