CVE-2026-8858
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
IBM WebSphere Application Server and Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
Risk Assessment
The risk includes remote code execution and denial of service, potentially leading to data breaches, service unavailability, and system integrity compromise.
Recommendation
Apply the security patches provided by IBM for WebSphere Application Server and Liberty immediately. Additionally, configure authentication mechanisms and network traffic filtering to limit the possibility of impersonating the application server.
Original NVD description (English source)
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

