CVE-2026-9330NVD

Vulnerability Summary

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

Severity Level

HIGH(8.5)

Published Date

Jun 1, 2026

Last Modified

Jun 4, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-502: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

EPSS Score (30-Day)

0.36%Probability

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.ibm.com/support/pages/node/7274733