IBM WebSphere App Server 8.5-9.0 RCE via Security Control Bypass
CVE-2026-9311 Published on June 1, 2026
IBM WebSphere Application Server is affected by remote code execution
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
Vulnerability Analysis
CVE-2026-9311 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-9311 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2026-9311
Want to know whenever a new CVE is published for IBM WebSphere Application Server? stack.watch will email you.
Affected Versions
IBM WebSphere Application Server:- Version 9.0, <= 1.1.9.12 is affected.
- Version 8.5 is affected.