CVE-2026-9006
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
IBM WebSphere Application Server versions 9.0 and 8.5 are vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
Risk Assessment
This vulnerability could lead to serious security breaches, including unauthorized access to data or systems. Organizations should be aware of the risks associated with this flaw.
Recommendation
It is recommended to update IBM WebSphere Application Server to the latest version to mitigate this vulnerability. Additionally, consider restricting access to the Ajax Proxy functionality.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

