Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9006
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-22 Jun, 2026 | 14:46
Updated At-24 Jun, 2026 | 03:56
Rejected At-
▼CVE Numbering Authority (CNA)
IBM WebSphere Application Server is affected by server-side request forgery

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Application Server
CPEs
  • cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
Versions
Affected
  • From 9.0 through 7.0.2 Interim Fix 035 (semver)
  • From 8.5.0 through 7.0.3 Interim Fix 017 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71556. For IBM WebSphere Application Server traditional: For V9.0.0.0 through 9.0.5.28: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 --OR-- · Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).  For V8.5.0.0 through 8.5.5.29: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71556 https://www.ibm.com/support/pages/node/7276400 --OR-- · Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).  Additional interim fixes may be available and linked off the interim fix download page.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7276600
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7276600
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found