CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference

HIGHScheduled

Published:May 26, 2026(6 days ago)

Modified:May 26, 2026

Adjacent NetworkNo InteractionLow Complexity

Vulnerability Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

Attack Characteristics

ADJACENT_NETWORKLow ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

Timeline

Published
CVE disclosed publicly
May 26, 20266 days ago
Last Modified
Most recent update
May 26, 20266 days ago
Indexed to CVEInsight
Added to this platform
May 26, 20265 days ago

References

https://www.ibm.com/support/pages/node/7274065

CVSS Score

v3.1

7.3/ 10.0

HIGH

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

At a Glance

Affected Products

References

Official Sources

CVSS v3 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability

Attack VectorAdjacent

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityHigh

CVE-2026-8835

✦ Vulnerability Description

Attack Characteristics

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description