Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-9170: IBM Web Server Plug-ins: Denial of Service and Remote Code Execution

CVE-2026-9170

Summary

IBM's Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty are at risk of crashing or being exploited by hackers. This is due to a failure to properly check user input, which could allow an attacker to take control of the server. Users should update their plug-ins to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
ibm	http_server	8.5.0.0 9.0.0.0 `cpe:2.3:a:ibm:http_server:8.5.0.0:::::::*`

Original title

IBM HTTP Server 8.5, and 9.0

Original description

IBM HTTP Server 8.5, and 9.0

nvd CVSS3.1 7.5

Vulnerability type

CWE-444

CWE-94 Code Injection

https://www.ibm.com/support/pages/node/7274072
https://www.ibm.com/support/pages/node/7274065 Vendor Advisory

Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026