Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.0
CVE-2026-9319: IBM WebSphere Application Server: Remote Code Execution via Untrusted Data
CVE-2026-9319
Summary
IBM WebSphere Application Server versions 9.0 and 8.5 are at risk of attackers running malicious code on the server if they can send untrusted data to the application. This could allow an attacker to gain control of the server, potentially leading to data theft or disruption. To mitigate this risk, update to a fixed version of the software or apply the recommended security patch.
Original title
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
Original description
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
nvd CVSS3.1
9.0
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026