IBM WAS 9.0/8.5 SAML WebSSO RCE via Deserialization Gadget
CVE-2026-9330 Published on June 1, 2026
IBM WebSphere Application Server is affected by remote code execution
IBM WebSphere Application Server 9.0 and 8.5 are affected by improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
Vulnerability Analysis
CVE-2026-9330 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-9330 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2026-9330
Affected Versions
IBM WebSphere Application Server:
- Version 9.0, <= 1.1.9.12 is affected.
- Version 8.5 is affected.