CVE-2026-8856
published 2026-05-26CVE-2026-8856: IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | http_server | — | — |
| ibm | http_server | 8.5.0 – Interim Fix 002 | — |
| ibm | http_server | >= 8.5.0.0 < 8.5.5.30 | 8.5.5.30 |
| ibm | http_server | >= 9.0.0.0 < 9.0.5.29 | 9.0.5.29 |