IBM WebSphere Application Server is affected by remote code execution

9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

AI Analysis

Remote code execution vulnerability in IBM WebSphere Application Server due to bypass of security controls

Basic Information

ID CVE-2026-9311

Source ibm

Published Jun 1, 2026 at 17:49

Affected Product

Vendor IBM

Product WebSphere Application Server

Version 9.0

Affected Versions IBM WebSphere Application Server 9.0
IBM WebSphere Application Server 8.5

CWE Classification

CWE-94

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor IBM

Product WebSphere Application Server

Version 8.5, 9.0

References

www.ibm.com /support/pages/node/7274733

{
    "lastseen": "",
    "description": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.",
    "published": "2026-06-01T17:49:42.366Z",
    "modified": "2026-06-01T17:49:42.366Z",
    "type": "cve",
    "title": "IBM WebSphere Application Server is affected by remote code execution",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7274733",
    "id": "CVE-2026-9311",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "IBM WebSphere Application Server 9.0\nIBM WebSphere Application Server 8.5",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WebSphere Application Server",
    "version": "9.0",
    "vendor": "IBM",
    "ai_description": "Remote code execution vulnerability in IBM WebSphere Application Server due to bypass of security controls",
    "ai_severity": "Critical",
    "ai_vendor": "IBM",
    "ai_product": "WebSphere Application Server",
    "ai_version": "8.5, 9.0",
    "ai_score": 9
}

IBM WebSphere Application Server is affected by remote code execution_CVE-2026-9311