CVE Catalog

CVE-2026-10852

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component. An attacker can send crafted requests to the web server, causing overload.

Risk Assessment

The risk involves potential disruption of the application server, leading to unavailability of business services and financial losses.

Recommendation

It is recommended to immediately apply security patches provided by IBM for WebSphere Application Server and WebSphere Liberty. Also consider restricting web server access to trusted sources only.

Original NVD description (English source)

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS