← voltar
CVE-2026-8858

WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

CVSS 7.5 HIGHEPSS 0.3%CWE-94
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
22 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
IBM · i