PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9072 IBM CVE debrief

CVE-2026-9072 is a high-severity vulnerability (CVSS 8.1) affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. It arises when Intelligent Management is used with the WebSphere WebServer Plug-in component, and it allows remote code execution and denial of service attacks. An attacker can exploit it by impersonating backend servers and sending crafted responses to the plug-in. IBM has provided mitigation guidance for this vulnerability.

Vendor: IBM
Product: i
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-22
Original CVE updated: 2026-06-24
Advisory published: 2026-06-22
Advisory updated: 2026-06-24

Who should care

Security teams and administrators responsible for IBM WebSphere Application Server and IBM WebSphere Application Server Liberty should be aware of this vulnerability and take the necessary steps to mitigate it. The vulnerability can be exploited remotely: an attacker can send crafted responses to the plug-in to impersonate backend servers. Affected organizations should review their systems and apply the mitigation guidance provided by IBM.

Technical summary

The vulnerability occurs in the WebSphere WebServer Plug-in component when used with Intelligent Management. An attacker can exploit this vulnerability by sending crafted responses to the plug-in, impersonating backend servers. This allows for remote code execution and denial of service attacks. The vulnerability has a CVSS score of 8.1 and is considered high severity. The Common Weakness Enumeration (CWE) for this vulnerability is CWE-94.

Defensive priority

High priority should be given to mitigating this vulnerability, as it can be exploited remotely and has a high CVSS score. Security teams and administrators should review their systems and apply mitigation guidance provided by IBM.

Recommended defensive actions

  • Review and apply mitigation guidance provided by IBM.
  • Ensure that Intelligent Management is not used with the WebSphere WebServer Plug-in component.
  • Monitor systems for suspicious activity and implement additional security controls as necessary.
  • Verify that systems are up-to-date with the latest security patches.
  • Consider implementing compensating controls to detect and prevent exploitation.

Evidence notes

The CVE-2026-9072 vulnerability was published on June 22, 2026, and modified on June 24, 2026. The vulnerability affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVSS score for this vulnerability is 8.1, and it is considered high severity. IBM has provided mitigation guidance for this vulnerability.

This article was generated with AI assistance based on the supplied source corpus.