IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using the Web Server Plug-ins (CVE-2026-9072, CVE-2026-8858, CVE-2026-10852)

Authors: Created by IBM

IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. CVEID: CVE-2026-10852 ^[1]
DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass...

Just published by IBM: Read more