CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8646

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 25.6%

CVSS Severity

CVSS v3 Score 7.4

References

https://www.ibm.com/support/pages/node/7276579

Products affected by CVE-2026-8646

Ibm » Websphere Application Server » Version: 17.0.0.3

cpe:2.3:a:ibm:websphere_application_server:17.0.0.3
Ibm » Websphere Application Server » Version: 17.0.0.4

cpe:2.3:a:ibm:websphere_application_server:17.0.0.4
Ibm » Websphere Application Server » Version: 18.0.0.1

cpe:2.3:a:ibm:websphere_application_server:18.0.0.1
Ibm » Websphere Application Server » Version: 18.0.0.2

cpe:2.3:a:ibm:websphere_application_server:18.0.0.2
Ibm » Websphere Application Server » Version: 18.0.0.3

cpe:2.3:a:ibm:websphere_application_server:18.0.0.3
Ibm » Websphere Application Server » Version: 18.0.0.4

cpe:2.3:a:ibm:websphere_application_server:18.0.0.4
Ibm » Websphere Application Server » Version: 19.0.0.1

cpe:2.3:a:ibm:websphere_application_server:19.0.0.1
Ibm » Websphere Application Server » Version: 19.0.0.10

cpe:2.3:a:ibm:websphere_application_server:19.0.0.10
Ibm » Websphere Application Server » Version: 19.0.0.11

cpe:2.3:a:ibm:websphere_application_server:19.0.0.11
Ibm » Websphere Application Server » Version: 19.0.0.12

cpe:2.3:a:ibm:websphere_application_server:19.0.0.12
Ibm » Websphere Application Server » Version: 19.0.0.2

cpe:2.3:a:ibm:websphere_application_server:19.0.0.2
Ibm » Websphere Application Server » Version: 19.0.0.3

cpe:2.3:a:ibm:websphere_application_server:19.0.0.3
Ibm » Websphere Application Server » Version: 19.0.0.4

cpe:2.3:a:ibm:websphere_application_server:19.0.0.4
Ibm » Websphere Application Server » Version: 19.0.0.5

cpe:2.3:a:ibm:websphere_application_server:19.0.0.5
Ibm » Websphere Application Server » Version: 19.0.0.6

cpe:2.3:a:ibm:websphere_application_server:19.0.0.6
Ibm » Websphere Application Server » Version: 19.0.0.7

cpe:2.3:a:ibm:websphere_application_server:19.0.0.7
Ibm » Websphere Application Server » Version: 19.0.0.8

cpe:2.3:a:ibm:websphere_application_server:19.0.0.8
Ibm » Websphere Application Server » Version: 19.0.0.9

cpe:2.3:a:ibm:websphere_application_server:19.0.0.9
Ibm » Websphere Application Server » Version: 20.0.0.1

cpe:2.3:a:ibm:websphere_application_server:20.0.0.1
Ibm » Websphere Application Server » Version: 20.0.0.10

cpe:2.3:a:ibm:websphere_application_server:20.0.0.10
Ibm » Websphere Application Server » Version: 20.0.0.11

cpe:2.3:a:ibm:websphere_application_server:20.0.0.11
Ibm » Websphere Application Server » Version: 20.0.0.12

cpe:2.3:a:ibm:websphere_application_server:20.0.0.12
Ibm » Websphere Application Server » Version: 20.0.0.2

cpe:2.3:a:ibm:websphere_application_server:20.0.0.2
Ibm » Websphere Application Server » Version: 20.0.0.3

cpe:2.3:a:ibm:websphere_application_server:20.0.0.3
Ibm » Websphere Application Server » Version: 20.0.0.4

cpe:2.3:a:ibm:websphere_application_server:20.0.0.4
Ibm » Websphere Application Server » Version: 20.0.0.5

cpe:2.3:a:ibm:websphere_application_server:20.0.0.5
Ibm » Websphere Application Server » Version: 20.0.0.6

cpe:2.3:a:ibm:websphere_application_server:20.0.0.6
Ibm » Websphere Application Server » Version: 20.0.0.7

cpe:2.3:a:ibm:websphere_application_server:20.0.0.7
Ibm » Websphere Application Server » Version: 20.0.0.8

cpe:2.3:a:ibm:websphere_application_server:20.0.0.8
Ibm » Websphere Application Server » Version: 20.0.0.9

cpe:2.3:a:ibm:websphere_application_server:20.0.0.9
Ibm » Websphere Application Server » Version: 21.0.0.1

cpe:2.3:a:ibm:websphere_application_server:21.0.0.1
Ibm » Websphere Application Server » Version: 21.0.0.10

cpe:2.3:a:ibm:websphere_application_server:21.0.0.10
Ibm » Websphere Application Server » Version: 21.0.0.12

cpe:2.3:a:ibm:websphere_application_server:21.0.0.12
Ibm » Websphere Application Server » Version: 21.0.0.2

cpe:2.3:a:ibm:websphere_application_server:21.0.0.2
Ibm » Websphere Application Server » Version: 21.0.0.3

cpe:2.3:a:ibm:websphere_application_server:21.0.0.3
Ibm » Websphere Application Server » Version: 21.0.0.4

cpe:2.3:a:ibm:websphere_application_server:21.0.0.4
Ibm » Websphere Application Server » Version: 21.0.0.5

cpe:2.3:a:ibm:websphere_application_server:21.0.0.5
Ibm » Websphere Application Server » Version: 22.0.0.1

cpe:2.3:a:ibm:websphere_application_server:22.0.0.1
Ibm » Websphere Application Server » Version: 22.0.0.5

cpe:2.3:a:ibm:websphere_application_server:22.0.0.5
Ibm » Websphere Application Server » Version: 22.0.0.6

cpe:2.3:a:ibm:websphere_application_server:22.0.0.6
Ibm » Websphere Application Server » Version: 23.0.0.3

cpe:2.3:a:ibm:websphere_application_server:23.0.0.3
Ibm » Websphere Application Server » Version: 24.0.0.3

cpe:2.3:a:ibm:websphere_application_server:24.0.0.3
Ibm » Websphere Application Server » Version: 24.0.0.4

cpe:2.3:a:ibm:websphere_application_server:24.0.0.4
Ibm » Websphere Application Server » Version: 24.0.0.5

cpe:2.3:a:ibm:websphere_application_server:24.0.0.5
Ibm » Websphere Application Server » Version: 24.0.0.6

cpe:2.3:a:ibm:websphere_application_server:24.0.0.6
Ibm » Websphere Application Server » Version: 8.5.0.0

cpe:2.3:a:ibm:websphere_application_server:8.5.0.0
Ibm » Websphere Application Server » Version: 8.5.0.1

cpe:2.3:a:ibm:websphere_application_server:8.5.0.1
Ibm » Websphere Application Server » Version: 8.5.0.2

cpe:2.3:a:ibm:websphere_application_server:8.5.0.2
Ibm » Websphere Application Server » Version: 8.5.5.0

cpe:2.3:a:ibm:websphere_application_server:8.5.5.0
Ibm » Websphere Application Server » Version: 8.5.5.1

cpe:2.3:a:ibm:websphere_application_server:8.5.5.1
Ibm » Websphere Application Server » Version: 8.5.5.10

cpe:2.3:a:ibm:websphere_application_server:8.5.5.10
Ibm » Websphere Application Server » Version: 8.5.5.11

cpe:2.3:a:ibm:websphere_application_server:8.5.5.11
Ibm » Websphere Application Server » Version: 8.5.5.12

cpe:2.3:a:ibm:websphere_application_server:8.5.5.12
Ibm » Websphere Application Server » Version: 8.5.5.13

cpe:2.3:a:ibm:websphere_application_server:8.5.5.13
Ibm » Websphere Application Server » Version: 8.5.5.14

cpe:2.3:a:ibm:websphere_application_server:8.5.5.14
Ibm » Websphere Application Server » Version: 8.5.5.15

cpe:2.3:a:ibm:websphere_application_server:8.5.5.15
Ibm » Websphere Application Server » Version: 8.5.5.16

cpe:2.3:a:ibm:websphere_application_server:8.5.5.16
Ibm » Websphere Application Server » Version: 8.5.5.17

cpe:2.3:a:ibm:websphere_application_server:8.5.5.17
Ibm » Websphere Application Server » Version: 8.5.5.18

cpe:2.3:a:ibm:websphere_application_server:8.5.5.18
Ibm » Websphere Application Server » Version: 8.5.5.19

cpe:2.3:a:ibm:websphere_application_server:8.5.5.19
Ibm » Websphere Application Server » Version: 8.5.5.2

cpe:2.3:a:ibm:websphere_application_server:8.5.5.2
Ibm » Websphere Application Server » Version: 8.5.5.20

cpe:2.3:a:ibm:websphere_application_server:8.5.5.20
Ibm » Websphere Application Server » Version: 8.5.5.22

cpe:2.3:a:ibm:websphere_application_server:8.5.5.22
Ibm » Websphere Application Server » Version: 8.5.5.23

cpe:2.3:a:ibm:websphere_application_server:8.5.5.23
Ibm » Websphere Application Server » Version: 8.5.5.25

cpe:2.3:a:ibm:websphere_application_server:8.5.5.25
Ibm » Websphere Application Server » Version: 8.5.5.3

cpe:2.3:a:ibm:websphere_application_server:8.5.5.3
Ibm » Websphere Application Server » Version: 8.5.5.4

cpe:2.3:a:ibm:websphere_application_server:8.5.5.4
Ibm » Websphere Application Server » Version: 8.5.5.5

cpe:2.3:a:ibm:websphere_application_server:8.5.5.5
Ibm » Websphere Application Server » Version: 8.5.5.6

cpe:2.3:a:ibm:websphere_application_server:8.5.5.6
Ibm » Websphere Application Server » Version: 8.5.5.7

cpe:2.3:a:ibm:websphere_application_server:8.5.5.7
Ibm » Websphere Application Server » Version: 8.5.5.8

cpe:2.3:a:ibm:websphere_application_server:8.5.5.8
Ibm » Websphere Application Server » Version: 8.5.5.9

cpe:2.3:a:ibm:websphere_application_server:8.5.5.9
Ibm » Websphere Application Server » Version: 9.0.0.0

cpe:2.3:a:ibm:websphere_application_server:9.0.0.0
Ibm » Websphere Application Server » Version: 9.0.0.1

cpe:2.3:a:ibm:websphere_application_server:9.0.0.1
Ibm » Websphere Application Server » Version: 9.0.0.10

cpe:2.3:a:ibm:websphere_application_server:9.0.0.10
Ibm » Websphere Application Server » Version: 9.0.0.11

cpe:2.3:a:ibm:websphere_application_server:9.0.0.11
Ibm » Websphere Application Server » Version: 9.0.0.2

cpe:2.3:a:ibm:websphere_application_server:9.0.0.2
Ibm » Websphere Application Server » Version: 9.0.0.3

cpe:2.3:a:ibm:websphere_application_server:9.0.0.3
Ibm » Websphere Application Server » Version: 9.0.0.4

cpe:2.3:a:ibm:websphere_application_server:9.0.0.4
Ibm » Websphere Application Server » Version: 9.0.0.5

cpe:2.3:a:ibm:websphere_application_server:9.0.0.5
Ibm » Websphere Application Server » Version: 9.0.0.6

cpe:2.3:a:ibm:websphere_application_server:9.0.0.6
Ibm » Websphere Application Server » Version: 9.0.0.7

cpe:2.3:a:ibm:websphere_application_server:9.0.0.7
Ibm » Websphere Application Server » Version: 9.0.0.8

cpe:2.3:a:ibm:websphere_application_server:9.0.0.8
Ibm » Websphere Application Server » Version: 9.0.0.9

cpe:2.3:a:ibm:websphere_application_server:9.0.0.9
Ibm » Websphere Application Server » Version: 9.0.5.0

cpe:2.3:a:ibm:websphere_application_server:9.0.5.0
Ibm » Websphere Application Server » Version: 9.0.5.1

cpe:2.3:a:ibm:websphere_application_server:9.0.5.1
Ibm » Websphere Application Server » Version: 9.0.5.15

cpe:2.3:a:ibm:websphere_application_server:9.0.5.15
Ibm » Websphere Application Server » Version: 9.0.5.16

cpe:2.3:a:ibm:websphere_application_server:9.0.5.16
Ibm » Websphere Application Server » Version: 9.0.5.19

cpe:2.3:a:ibm:websphere_application_server:9.0.5.19
Ibm » Websphere Application Server » Version: 9.0.5.2

cpe:2.3:a:ibm:websphere_application_server:9.0.5.2
Ibm » Websphere Application Server » Version: 9.0.5.20

cpe:2.3:a:ibm:websphere_application_server:9.0.5.20
Ibm » Websphere Application Server » Version: 9.0.5.21

cpe:2.3:a:ibm:websphere_application_server:9.0.5.21
Ibm » Websphere Application Server » Version: 9.0.5.22

cpe:2.3:a:ibm:websphere_application_server:9.0.5.22
Ibm » Websphere Application Server » Version: 9.0.5.24

cpe:2.3:a:ibm:websphere_application_server:9.0.5.24
Ibm » Websphere Application Server » Version: 9.0.5.25

cpe:2.3:a:ibm:websphere_application_server:9.0.5.25
Ibm » Websphere Application Server » Version: 9.0.5.26

cpe:2.3:a:ibm:websphere_application_server:9.0.5.26
Ibm » Websphere Application Server » Version: 9.0.5.27

cpe:2.3:a:ibm:websphere_application_server:9.0.5.27
Ibm » Websphere Application Server » Version: 9.0.5.3

cpe:2.3:a:ibm:websphere_application_server:9.0.5.3
Ibm » Websphere Application Server » Version: 9.0.5.4

cpe:2.3:a:ibm:websphere_application_server:9.0.5.4
Ibm » Websphere Application Server » Version: 9.0.5.5

cpe:2.3:a:ibm:websphere_application_server:9.0.5.5
Ibm » Websphere Application Server » Version: 9.0.5.6

cpe:2.3:a:ibm:websphere_application_server:9.0.5.6
Ibm » Websphere Application Server » Version: 9.0.5.7

cpe:2.3:a:ibm:websphere_application_server:9.0.5.7
Ibm » Websphere Application Server » Version: 9.0.5.8

cpe:2.3:a:ibm:websphere_application_server:9.0.5.8
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-
Ibm » Aix » Version: N/A

cpe:2.3:o:ibm:aix:-
Ibm » I » Version: N/A

cpe:2.3:o:ibm:i:-
Ibm » Z/os » Version: N/A

cpe:2.3:o:ibm:z/os:-
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-8646

Products

Pricing

Contact Us