PT-2026-43364 · Ibm · Web Server Plug-Ins For Ibm Websphere Application Server+1

Published

2026-05-26

Updated

2026-06-14

CVE-2026-8633

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 through 9.0

Description Remote code execution is possible in the Web Server Plug-ins when processing a specially crafted request. This issue allows an unauthenticated network attacker to execute arbitrary code on the system.

Recommendations Apply APAR PH71342 to versions 8.5 through 9.0.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-8633

Affected Products

Web Server Plug-Ins For Ibm Websphere Application Server

Websphere Liberty

PT-2026-43364 · Ibm · Web Server Plug-Ins For Ibm Websphere Application Server+1

CVE-2026-8633

Weakness Enumeration

Related Identifiers

Affected Products

References · 10