IBM HTTP Server 8.5/9.0 DoS via config write access
CVE-2026-8856 Published on May 26, 2026
IBM HTTP Server is affected by multiple vulnerabilities
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
Vulnerability Analysis
CVE-2026-8856 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-8856 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-8856
Want to know whenever a new CVE is published for IBM Http Server? stack.watch will email you.
Affected Versions
IBM HTTP Server:- Version 8.5.0, <= Interim Fix 002 is affected.
- Version 9.0 is affected.