IBM HTTP Server 8.5-9.0 InvPtr Deref Authenticated DoS/Info Leak
CVE-2026-8835 Published on May 26, 2026
IBM HTTP Server is affected by multiple vulnerabilities
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
HIGH
Weakness Type
Untrusted Pointer Dereference
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Products Associated with CVE-2026-8835
Want to know whenever a new CVE is published for IBM Http Server? stack.watch will email you.
Affected Versions
IBM HTTP Server:- Version 8.5.0, <= Interim Fix 002 is affected.
- Version 9.0 is affected.