Vulnerability Details CVE-2026-9072
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2026-9072