CVE-2026-9319

IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability caused by deserialization of untrusted data via JAX-WS endpoints with WS-Security (CVE-2026-9319; CVSS v3.1 base score 9.0). This affects WebSphere AS 9.0 and 8.5. Remediation: apply the interim fix...

CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

EUVD-2026-33735

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVE-2026-9311

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVE-2026-8644 IBM WebSphere Application Server is affected by an identity spoofing vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVE-2026-8644

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

EUVD-2026-33732

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVE-2026-8644

IBM WebSphere Application Server versions 9.0 and 8.5 are affected by CVE-2026-8644, an identity spoofing (authentication bypass) vulnerability (CWE-290) with CVSSv3.1 base score 9.1. Affected products: WebSphere Application Server 9.0 and 8.5. Root cause: identity spoofing leading to authenticat...

Security Bulletin: IBM WebSphere Application Server is affected by remote code execution (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server is affected by remote code execution. Vulnerability Details CVEID:CVE-2026-9311 DESCRIPTION: IBM WebSphere Application Server is vulnerable to remote code execution caused by the bypass of security controls. CWE:CWE-94: Improper Control of Generation of Co...

Security Bulletin: IBM WebSphere Application Server is affected by an identity spoofing vulnerability (CVE-2026-8644)

Summary IBM WebSphere Application Server is affected by an identity spoofing vulnerability. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing. CWE:CWE-290: Authentication Bypass by Spoofing CVSS Source: IBM CVSS Base score:...

Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server is vulnerable to potential remote code execution due to deserializati...

EUVD-2026-33641

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

PT-2026-45542

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists that allows for identity spoofing, where an attacker can impersonate another user or system identity. Recommendations At the...

IBM WebSphere Application Server code-related vulnerabilities

IBM WebSphere Application Server is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Versions 9.0 and 8.5 of IBM WebSphere Application Server contained code vulnerabilitie...

IBM WebSphere Application Server (WAS) code injection vulnerability

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Both the 9.0 and 8.5 versions of IBM WebSphere Application Server contained a code...

IBM WebSphere Application Server (WAS) security vulnerabilities

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications, and it also forms the foundation of the IBM WebSphere software platform. Both versions of IBM WebSphere Application Server WAS, 9.0 and 8.5, ha...

PT-2026-45543

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...