CVE-2026-8855

CVE Database · CVE-2026-8855

CVE-2026-8855

· HIGHAnalyzed

CVSS v3.1

8.1

EPSS

0.46%

Published

May 26, 2026

Modified

May 26, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94

Affected Products (6)

ibm · http_server (up to 8.5.5.30)vulnerable

ibm · http_server (up to 9.0.5.29)vulnerable

ibm · aix

ibm · z\/os

linux · linux_kernel

microsoft · windows

References (1)

https://www.ibm.com/support/pages/node/7274065

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs