Denial of Service via WebSphere WebServer Plug-in in IBM WAS 7.3-7.6
CVE-2026-10852 Published on June 22, 2026
Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
Vulnerability Analysis
CVE-2026-10852 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2026-10852
Want to know whenever a new CVE is published for IBM I? stack.watch will email you.
Affected Versions
IBM i:- Version 7.6 is affected.
- Version 7.5 is affected.
- Version 7.4 is affected.
- Version 7.3 is affected.