CVE-2026-9006

Summary

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Affected Software

VendorProductVersion RangeStatus
IBMWebSphere Application Server9.0 <= 7.0.2 Interim Fix 035affected
IBMWebSphere Application Server8.5.0 <= 7.0.3 Interim Fix 017affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References