CVE-2026-9071
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk23th percentile - higher than 23% of all known CVEs
Summary
IBM WebSphere Application Server versions 9.0, 8.5, and IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Risk Assessment
This vulnerability could lead to service unavailability, impacting the organization's operational continuity and potentially incurring additional costs related to service restoration.
Recommendation
It is recommended to update to the latest version of IBM WebSphere Application Server and to monitor network traffic for suspicious requests.
Original NVD description (English source)
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

