CVE-2026-9320
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
IBM WebSphere Application Server versions 9.0, 8.5, and IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Risk Assessment
This vulnerability could lead to service unavailability, impacting the organization's operational continuity and user trust.
Recommendation
It is recommended to update to the latest version of IBM WebSphere Application Server to mitigate this vulnerability and to monitor server logs for potential attack attempts.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

