CVE-2026-10852

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

CVE-2026-10852 Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...

CVE-2026-10852

IBM i 7.3–7.6 and IBM WebSphere Application Server/Liberty are affected by CVE-2026-10852, a denial-of-service in the WebSphere WebServer Plug-in when crafted requests are sent. Root cause cited: NULL Pointer Dereference (CWE-476). CVSS 3.1 base score 5.9 (Network, High attack complexity, No priv...

CVE-2026-9072 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

CVE-2026-9072 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backe...

CVE-2026-8858 WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

CVE-2026-8858

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted...

CVE-2026-8858 IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...

Security Bulletin: IBM i is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2026-10852, CVE-2026-8858, CVE-2026-9072, CVE-2026-8633, CVE-2026-8620]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service, remote code execution, and HTTP request smuggling when an attacker passes crafted requests to the web server or impersonates the application server and returns crafted responses CVE-2026-10852,...

CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

Security Bulletin: IBM i is Affected by Privilege Escalation [CVE-2026-7870]

Summary IBM i is vulnerable to privilege escalation due to an unqualified library call CVE-2026-7870 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-7870 DESCRIPTION: IBM i could allow a user to gain elevated privileges due to an unqualified library call. A...

Security Bulletin: IBM i is Affected By NULL Pointer Dereference, Use Afer Free, and Out-of-Bounds Write Vulnerabilities in OpenSSL [CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-28387, CVE-2026-31789]

Summary OpenSSL for IBM i is vulnerable to NULL pointer derefences when processing either a delta CRL indicator extension CVE-2026-28388 or CMS EnvelopedData message with KeyAgreeRecipientInfo CVE-2026-28389, CVE-2026-28390, and use after free when using DANE TLSA-based server authentication...

CVE-2026-6936

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment ILE compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...

CVE-2026-7770

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

CVE-2026-7770

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

CVE-2026-7770

CVE-2026-7770 affects IBM i Access Family (ACS) versions 1.1.5.0–1.1.9.12. When ACS is configured to listen for requests from IBM i Navigator, it is vulnerable to remote code execution. The root cause is CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ...

PT-2026-45541

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

Security Bulletin: IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator (CVE-2026-7770)

Summary IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator CVE-2026-7770. Vulnerability Details CVEID:CVE-2026-7770 DESCRIPTION: IBM i Access Client Solutions ACS is vulnerable to remote code execution when configur...

CVE-2026-6936 IBM i is Affected by a Denial of Service Vulnerability []

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment ILE compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...