PT-2026-43370 · IBM · IBM WebSphere Application Server +2
Published 2026-05-26 · Updated 2026-05-28 · CVE-2026-9170
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM HTTP Server versions 8.5 and 9.0
IBM WebSphere Application Server versions 8.5 and 9.0
IBM WebSphere Application Server Liberty versions 8.5 and 9.0
Description
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty are affected by improper input validation and incorrect code generation management. This issue can lead to HTTP Request Smuggling, a technique where the frontend and backend servers interpret the boundaries of an HTTP request differently. Exploitation of this flaw may allow a remote attacker to execute arbitrary code or cause a denial of service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
DoS
HTTP Request/Response Smuggling
Code Injection
Related Identifiers
Affected Products
IBM HTTP Server
IBM WebSphere Application Server
WebSphere Liberty