CVE Catalog

CVE-2026-9072

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service when using Intelligent Management with the WebSphere WebServer Plug-in component. An attacker can exploit this vulnerability by impersonating backend servers and sending crafted responses to the plug-in.

Risk Assessment

This vulnerability could lead to serious security incidents, including remote code execution by an attacker and disruption of service availability.

Recommendation

It is recommended to update to the latest version of the software and implement appropriate security measures to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS