Vulnerability-Lookup

WID-SEC-W-2026-1762

Vulnerability from csaf_certbund - Published: 2026-06-01 22:00 - Updated: 2026-06-16 22:00

Summary

IBM WebSphere Application Server: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM WebSphere Application Server ist ein J2EE-Applikationsserver.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-8644

Affected products

Known affected 7 products

Product	Identifier	Version
IBM WebSphere Application Server <8.5.5.30 IBM / WebSphere Application Server		<8.5.5.30
IBM WebSphere Application Server <9.0.5.29 IBM / WebSphere Application Server		<9.0.5.29
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
IBM Business Automation Workflow 25.0.0-25.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:25.0.0_-_25.0.1`	25.0.0-25.0.1
IBM Tivoli Key Lifecycle Manager IBM	`cpe:/a:ibm:tivoli_key_lifecycle_manager:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
IBM Business Automation Workflow 24.0.0-24.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0_-_24.0.1`	24.0.0-24.0.1

CVE-2026-9311

Affected products

Known affected 7 products

Product	Identifier	Version
IBM WebSphere Application Server <8.5.5.30 IBM / WebSphere Application Server		<8.5.5.30
IBM WebSphere Application Server <9.0.5.29 IBM / WebSphere Application Server		<9.0.5.29
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
IBM Business Automation Workflow 25.0.0-25.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:25.0.0_-_25.0.1`	25.0.0-25.0.1
IBM Tivoli Key Lifecycle Manager IBM	`cpe:/a:ibm:tivoli_key_lifecycle_manager:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
IBM Business Automation Workflow 24.0.0-24.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0_-_24.0.1`	24.0.0-24.0.1

CVE-2026-9319

Affected products

Known affected 7 products

Product	Identifier	Version
IBM WebSphere Application Server <8.5.5.30 IBM / WebSphere Application Server		<8.5.5.30
IBM WebSphere Application Server <9.0.5.29 IBM / WebSphere Application Server		<9.0.5.29
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
IBM Business Automation Workflow 25.0.0-25.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:25.0.0_-_25.0.1`	25.0.0-25.0.1
IBM Tivoli Key Lifecycle Manager IBM	`cpe:/a:ibm:tivoli_key_lifecycle_manager:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
IBM Business Automation Workflow 24.0.0-24.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0_-_24.0.1`	24.0.0-24.0.1

CVE-2026-9330

Affected products

Known affected 7 products

Product	Identifier	Version
IBM WebSphere Application Server <8.5.5.30 IBM / WebSphere Application Server		<8.5.5.30
IBM WebSphere Application Server <9.0.5.29 IBM / WebSphere Application Server		<9.0.5.29
IBM WebSphere Service Registry and Repository IBM	`cpe:/a:ibm:websphere_service_registry_and_repository:-`	—
IBM Business Automation Workflow 25.0.0-25.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:25.0.0_-_25.0.1`	25.0.0-25.0.1
IBM Tivoli Key Lifecycle Manager IBM	`cpe:/a:ibm:tivoli_key_lifecycle_manager:-`	—
IBM Tivoli Network Manager IP Edition 4.2.0 IBM / Tivoli Network Manager	`cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0`	IP Edition 4.2.0
IBM Business Automation Workflow 24.0.0-24.0.1 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0_-_24.0.1`	24.0.0-24.0.1

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7274733	external
https://www.ibm.com/support/pages/node/7274738	external
https://www.ibm.com/support/pages/node/7274740	external
https://www.ibm.com/support/pages/node/7275033	external
https://www.ibm.com/support/pages/node/7275252	external
https://www.ibm.com/support/pages/node/7276304	external
https://www.ibm.com/support/pages/node/7276302	external
https://www.ibm.com/support/pages/node/7276303	external
https://www.ibm.com/support/pages/node/7276790	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM WebSphere Application Server ausnutzen, um Sicherheitsvorkehrungen zu umgehen und Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1762 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1762.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1762 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1762"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7274733 vom 2026-06-01",
        "url": "https://www.ibm.com/support/pages/node/7274733"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7274738 vom 2026-06-01",
        "url": "https://www.ibm.com/support/pages/node/7274738"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7274740 vom 2026-06-01",
        "url": "https://www.ibm.com/support/pages/node/7274740"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7275033 vom 2026-06-03",
        "url": "https://www.ibm.com/support/pages/node/7275033"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7275252 vom 2026-06-05",
        "url": "https://www.ibm.com/support/pages/node/7275252"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7276304 vom 2026-06-15",
        "url": "https://www.ibm.com/support/pages/node/7276304"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7276302 vom 2026-06-15",
        "url": "https://www.ibm.com/support/pages/node/7276302"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7276303 vom 2026-06-15",
        "url": "https://www.ibm.com/support/pages/node/7276303"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7276790 vom 2026-06-17",
        "url": "https://www.ibm.com/support/pages/node/7276790"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM WebSphere Application Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-16T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-17T11:29:53.148+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1762",
      "initial_release_date": "2026-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-06-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "24.0.0-24.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0-24.0.1",
                  "product_id": "T052523",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0_-_24.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.0.0-25.0.1",
                "product": {
                  "name": "IBM Business Automation Workflow 25.0.0-25.0.1",
                  "product_id": "T052524",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:25.0.0_-_25.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "IP Edition 4.2.0",
                "product": {
                  "name": "IBM Tivoli Network Manager IP Edition 4.2.0",
                  "product_id": "T048330",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition_4.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Network Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.5.5.30",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c8.5.5.30",
                  "product_id": "T054351"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.5.30",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5.5.30",
                  "product_id": "T054351-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.30"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5.29",
                "product": {
                  "name": "IBM WebSphere Application Server \u003c9.0.5.29",
                  "product_id": "T054928"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5.29",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0.5.29",
                  "product_id": "T054928-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Service Registry and Repository",
            "product": {
              "name": "IBM WebSphere Service Registry and Repository",
              "product_id": "T048917",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-8644",
      "product_status": {
        "known_affected": [
          "T054351",
          "T054928",
          "T048917",
          "T052524",
          "T026238",
          "T048330",
          "T052523"
        ]
      },
      "release_date": "2026-06-01T22:00:00.000+00:00",
      "title": "CVE-2026-8644"
    },
    {
      "cve": "CVE-2026-9311",
      "product_status": {
        "known_affected": [
          "T054351",
          "T054928",
          "T048917",
          "T052524",
          "T026238",
          "T048330",
          "T052523"
        ]
      },
      "release_date": "2026-06-01T22:00:00.000+00:00",
      "title": "CVE-2026-9311"
    },
    {
      "cve": "CVE-2026-9319",
      "product_status": {
        "known_affected": [
          "T054351",
          "T054928",
          "T048917",
          "T052524",
          "T026238",
          "T048330",
          "T052523"
        ]
      },
      "release_date": "2026-06-01T22:00:00.000+00:00",
      "title": "CVE-2026-9319"
    },
    {
      "cve": "CVE-2026-9330",
      "product_status": {
        "known_affected": [
          "T054351",
          "T054928",
          "T048917",
          "T052524",
          "T026238",
          "T048330",
          "T052523"
        ]
      },
      "release_date": "2026-06-01T22:00:00.000+00:00",
      "title": "CVE-2026-9330"
    }
  ]
}

CVE-2026-8644 (GCVE-0-2026-8644)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:46 – Updated: 2026-06-01 19:32

Title

IBM WebSphere Application Server is affected by an identity spoofing vulnerability

Summary

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7274740	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 9.0 , ≤ 1.1.9.12 (semver) Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0.0:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-8644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T19:32:21.917777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-01T19:32:31.456Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
          ],
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9.12",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.\u003c/p\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:46:04.519Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7274740"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71422.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274652\" rel=\"nofollow\"\u003ePH71422\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274652\" rel=\"nofollow\"\u003ePH71422\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71422.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71422 https://www.ibm.com/support/pages/node/7274652 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71422 https://www.ibm.com/support/pages/node/7274652 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "title": "IBM WebSphere Application Server is affected by an identity spoofing vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-8644",
    "datePublished": "2026-06-01T17:46:04.519Z",
    "dateReserved": "2026-05-14T20:28:37.520Z",
    "dateUpdated": "2026-06-01T19:32:31.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9311 (GCVE-0-2026-9311)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:49 – Updated: 2026-06-02 03:56

Title

IBM WebSphere Application Server is affected by remote code execution

Summary

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

Severity

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7274733	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 9.0 , ≤ 1.1.9.12 (semver) Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0.0:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9311",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T03:56:05.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
          ],
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9.12",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.\u003c/p\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:49:42.366Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7274733"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274233\" rel=\"nofollow\"\u003ePH71453\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274233\" rel=\"nofollow\"\u003ePH71453\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71453 https://www.ibm.com/support/pages/node/7274233 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71453 https://www.ibm.com/support/pages/node/7274233 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "title": "IBM WebSphere Application Server is affected by remote code execution",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-9311",
    "datePublished": "2026-06-01T17:49:42.366Z",
    "dateReserved": "2026-05-22T18:36:49.976Z",
    "dateUpdated": "2026-06-02T03:56:05.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9319 (GCVE-0-2026-9319)

Vulnerability from cvelistv5 – Published: 2026-06-01 17:59 – Updated: 2026-06-02 13:45

Title

IBM WebSphere Application Server is affected by a remote code execution vulnerability

Summary

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.

Severity

9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7274738	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 9.0 , ≤ 1.1.9.12 (semver) Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0.0:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T03:56:07.821975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T13:45:07.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
          ],
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9.12",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.\u003c/p\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T17:59:43.755Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7274738"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71454.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274234\" rel=\"nofollow\"\u003ePH71454\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274234\" rel=\"nofollow\"\u003ePH71454\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71454.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71454 https://www.ibm.com/support/pages/node/7274234 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71454 https://www.ibm.com/support/pages/node/7274234 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "title": "IBM WebSphere Application Server is affected by a remote code execution vulnerability",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-9319",
    "datePublished": "2026-06-01T17:59:43.755Z",
    "dateReserved": "2026-05-22T20:33:29.999Z",
    "dateUpdated": "2026-06-02T13:45:07.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9330 (GCVE-0-2026-9330)

Vulnerability from cvelistv5 – Published: 2026-06-01 18:01 – Updated: 2026-06-02 03:56

Title

IBM WebSphere Application Server is affected by remote code execution

Summary

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

Severity

8.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

ibm

References

1 reference

URL	Tags
https://www.ibm.com/support/pages/node/7274733	vendor-advisorypatch

Impacted products

1 product

Vendor	Product	Version
IBM	WebSphere Application Server	Affected: 9.0 , ≤ 1.1.9.12 (semver) Affected: 8.5 cpe:2.3:a:ibm:websphere_application_server:9.0:::::::* cpe:2.3:a:ibm:websphere_application_server:9.0.0:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5:::::::* cpe:2.3:a:ibm:websphere_application_server:8.5.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T03:56:04.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
          ],
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "1.1.9.12",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.\u003c/p\u003e"
            }
          ],
          "value": "IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-01T18:01:06.482Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7274733"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.28:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274233\" rel=\"nofollow\"\u003ePH71453\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7274233\" rel=\"nofollow\"\u003ePH71453\u003c/a\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453.\n\n\n\nFor IBM WebSphere Application Server traditional:\n\n\n\nFor V9.0.0.0 through 9.0.5.28:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71453 https://www.ibm.com/support/pages/node/7274233 \n--OR--\n\u00b7 Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).\u00a0\n\n\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves  PH71453 https://www.ibm.com/support/pages/node/7274233 \n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).\u00a0\n\n\n\n\n\n\n\nAdditional interim fixes may be available and linked off the interim fix download page."
        }
      ],
      "title": "IBM WebSphere Application Server is affected by remote code execution",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-9330",
    "datePublished": "2026-06-01T18:01:06.482Z",
    "dateReserved": "2026-05-22T22:15:58.580Z",
    "dateUpdated": "2026-06-02T03:56:04.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1762

CVE-2026-8644 (GCVE-0-2026-8644)

CVE-2026-9311 (GCVE-0-2026-9311)

CVE-2026-9319 (GCVE-0-2026-9319)

CVE-2026-9330 (GCVE-0-2026-9330)

Tags

Sightings

Nomenclature