CVE Catalog

CVE-2026-8858

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

IBM WebSphere Application Server and Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

Risk Assessment

The risk includes remote code execution and denial of service, potentially leading to data breaches, service unavailability, and system integrity compromise.

Recommendation

Apply the security patches provided by IBM for WebSphere Application Server and Liberty immediately. Additionally, configure authentication mechanisms and network traffic filtering to limit the possibility of impersonating the application server.

Original NVD description (English source)

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS