Description
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Published: 2026-06-22
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by applying a currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71376.   Web Server Plug-ins for IBM WebSphere Application Server (used with either WebSphere Application Server traditional or Liberty): For V9.0.0.0 through 9.0.5.27: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Web Server Plug-ins Interim Fix that resolves  PH71376 https://www.ibm.com/support/pages/node/7273976 --OR-- · Apply Fix Pack 9.0.5.28 or later (targeted availability 2Q2026).   For V8.5.0.0 through 8.5.5.29: · Upgrade to minimal fix pack levels as required by interim fix and then apply Web Server Plug-ins Interim Fix that resolves  PH71376 https://www.ibm.com/support/pages/node/7273976 --OR-- · Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Title Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty Websphere Application Server is Affected By a Denial of Service
First Time appeared Ibm websphere Application Server
CPEs cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
Vendors & Products Ibm websphere Application Server
References

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server. IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Title IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty

Tue, 23 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Title IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty
First Time appeared Ibm
Ibm i
Weaknesses CWE-476
CPEs cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Ibm I Websphere Application Server
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-07-09T19:54:28.890Z

Reserved: 2026-06-04T12:38:07.335Z

Link: CVE-2026-10852

cve-icon Vulnrichment

Updated: 2026-06-23T14:51:36.316Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:15:15Z

Weaknesses