PatchSiren cyber security CVE debrief
CVE-2026-10845 IBM CVE debrief
CVE-2026-10845 is a high-severity vulnerability (CVSS 7.3) in IBM WebSphere Application Server 8.5 and 9.0 that allows remote attackers to bypass authentication and gain unauthorized access to JAX-WS applications. IBM has provided a vendor advisory for mitigation. Administrators should review WebSphere Application Server versions 8.5.0.0 to 8.5.5.30 and 9.0.0.0 to 9.0.5.29 for potential exposure, apply the necessary patches or updates, and verify that their server configurations reflect all necessary security updates.
- Vendor: IBM
- Product: WebSphere Application Server
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-22
- Original CVE updated: 2026-06-23
- Advisory published: 2026-06-22
- Advisory updated: 2026-06-23
Who should care
IBM WebSphere Application Server administrators and users, security teams, and IT professionals responsible for maintaining and securing WebSphere Application Server instances should be aware of this vulnerability, which may impact any organization that uses IBM WebSphere Application Server for its applications. Security teams should review their inventory of WebSphere Application Server instances and prioritize patching for high-severity vulnerabilities like CVE-2026-10845.
Technical summary
CVE-2026-10845 is an authentication bypass vulnerability in IBM WebSphere Application Server 8.5 and 9.0 that allows remote attackers to gain unauthorized access to JAX-WS applications. Its Common Vulnerability Scoring System (CVSS) score is 7.3, indicating high severity, with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. The vector describes an attack that is reachable over the network, has low complexity, and requires no privileges or user interaction, with low impact on confidentiality, integrity and availability. The associated weakness is CWE-287, Improper Authentication.
Defensive priority
High priority should be given to patching IBM WebSphere Application Server instances affected by CVE-2026-10845. Administrators should review their server configurations, verify the versions of WebSphere Application Server, and apply necessary patches or updates.
Recommended defensive actions
- Review WebSphere Application Server versions and configurations for potential exposure.
- Apply necessary patches or updates to vulnerable WebSphere Application Server instances.
- Verify server configurations to ensure all necessary security updates are applied.
- Monitor WebSphere Application Server instances for suspicious activity.
- Consider implementing additional security measures to protect against authentication bypass attacks.
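One way to carry out the version review in the first action above, shown as an added example that is not taken from the IBM advisory or the CVE record. The host names and inventory entries are constructed, and the function names are hypothetical; the ranges are the ones stated on this page.

```python
import re

# Affected ranges as stated on this page (inclusive bounds).
AFFECTED_RANGES = [
    ((8, 5, 0, 0), (8, 5, 5, 30)),
    ((9, 0, 0, 0), (9, 0, 5, 29)),
]


def parse_version(text):
    """Parse a four-part version such as '9.0.5.21' into a tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"not a four-part version: {text!r}")
    # Integer tuples compare numerically, so 8.5.5.9 sorts before 8.5.5.30.
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'in-range', 'out-of-range' or 'unparsed' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"  # needs manual review, never silently treated as clear
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "in-range"
    return "out-of-range"  # outside the ranges listed on this page


def triage(inventory):
    """Group hosts by classification so in-range and unparsed hosts surface first."""
    result = {"in-range": [], "unparsed": [], "out-of-range": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("was-app-01", "8.5.5.30"),
    ("was-app-02", "9.0.5.29"),
    ("was-app-03", "9.0.5.30"),
    ("was-app-04", "8.5.5.9"),
    ("was-app-05", "9.0.5"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

An "out-of-range" result only means the version is not within the ranges listed on this page; confirm fix status against the vendor advisory.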
Evidence notes
The CVE-2026-10845 vulnerability details are based on information from the official CVE record and the National Vulnerability Database (NVD). The vulnerability has been analyzed and verified by IBM, and a vendor advisory has been provided. The CVSS score and vector have been assigned based on the vulnerability characteristics.
Official resources
- CVE-2026-10845 CVE record (CVE.org)
- CVE-2026-10845 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
This article is AI-assisted and based on the supplied source corpus.