Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-9330
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-01 Jun, 2026 | 18:01
Updated At-02 Jun, 2026 | 03:56
Rejected At-
▼CVE Numbering Authority (CNA)
IBM WebSphere Application Server is affected by remote code execution

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

Affected Products
Vendor
IBM CorporationIBM
Product
WebSphere Application Server
CPEs
  • cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
Versions
Affected
  • From 9.0 through 1.1.9.12 (semver)
  • 8.5
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH71453. For IBM WebSphere Application Server traditional: For V9.0.0.0 through 9.0.5.28: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71453 https://www.ibm.com/support/pages/node/7274233 --OR-- · Apply Fix Pack 9.0.5.29 or later (targeted availability 3Q2026).  For V8.5.0.0 through 8.5.5.29: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH71453 https://www.ibm.com/support/pages/node/7274233 --OR-- · Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026).  Additional interim fixes may be available and linked off the interim fix download page.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7274733
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7274733
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found