CVE-2026-8856

CVE Database · CVE-2026-8856

CVE-2026-8856

· HIGHAnalyzed

CVSS v3.1

7.7

EPSS

0.20%

Published

May 26, 2026

Modified

May 26, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Weaknesses (CWE)

CWE-400

Affected Products (6)

ibm · http_server (up to 8.5.5.30)vulnerable

ibm · http_server (up to 9.0.5.29)vulnerable

ibm · aix

ibm · z\/os

linux · linux_kernel

microsoft · windows

References (1)

https://www.ibm.com/support/pages/node/7274065

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs