CVE Catalog

CVE-2026-9006

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

IBM WebSphere Application Server versions 9.0 and 8.5 are vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Risk Assessment

This vulnerability could lead to serious security breaches, including unauthorized access to data or systems. Organizations should be aware of the risks associated with this flaw.

Recommendation

It is recommended to update IBM WebSphere Application Server to the latest version to mitigate this vulnerability. Additionally, consider restricting access to the Ajax Proxy functionality.

Original NVD description (English source)

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS