CVE-2026-10852
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component. An attacker can send crafted requests to the web server, causing overload.
Risk Assessment
The risk involves potential disruption of the application server, leading to unavailability of business services and financial losses.
Recommendation
It is recommended to immediately apply security patches provided by IBM for WebSphere Application Server and WebSphere Liberty. Also consider restricting web server access to trusted sources only.
Original NVD description (English source)
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

