Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-8644: IBM WebSphere Application Server Identity Spoofing Risk

CVE-2026-8644

Summary

IBM WebSphere Application Server versions 9.0 and 8.5 allow an attacker to pretend to be someone else, potentially gaining unauthorized access to sensitive information. This is a significant risk because it could lead to data theft or unauthorized actions within the application. To mitigate this risk, IBM recommends updating to a fixed version of the software.

Original title

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

Original description

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

nvd CVSS3.1 9.1

Vulnerability type

CWE-290

https://www.ibm.com/support/pages/node/7274740

Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026