Denial of Service Vulnerability in IBM WebSphere Application Server
CVE-2026-9320

5.9 MEDIUM

What is CVE-2026-9320?

IBM WebSphere Application Server, including versions 9.0, 8.5, and Liberty versions 17.0.0.3 to 26.0.0.6, suffers from a denial of service vulnerability. This vulnerability is triggered by sending a specially crafted request that leads the server to exhaust its memory resources. A remote attacker can exploit this flaw to disrupt the server's operations, making it crucial to apply the necessary patches to maintain system stability and security.

Affected Version(s)

WebSphere Application Server 9.0.0 <= 7.0.2 Interim Fix 035

WebSphere Application Server 8.5.0 <= 7.0.3 Interim Fix 017

WebSphere Application Server - Liberty 17.0.0.3 <= 26.0.0.6

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
