CVE-2026-8855
published 2026-05-26CVE-2026-8855: IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | http_server | — | — |
| ibm | http_server | 8.5.0 – Interim Fix 002 | — |
| ibm | http_server | >= 8.5.0.0 < 8.5.5.30 | 8.5.5.30 |
| ibm | http_server | >= 9.0.0.0 < 9.0.5.29 | 9.0.5.29 |