IBM WebSphere App Server 8.5/9.0 PLUGIN DoS/CodeExec via Improper Validation
CVE-2026-9170 Published on May 26, 2026
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected DOS and RCE.
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to improper input validation.
Vulnerability Analysis
CVE-2026-9170 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is a HTTP Request Smuggling Vulnerability?
When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
CVE-2026-9170 has been classified to as a HTTP Request Smuggling vulnerability or weakness.
Products Associated with CVE-2026-9170
Want to know whenever a new CVE is published for IBM Web Server Plug Ins Websphere Application Server Websphere Liberty? stack.watch will email you.
