CVE-2026-8835

Published May 26, 2026

Last updated 4 days ago

CVSS high 7.3

Overview

Description: IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.
Source: psirt@us.ibm.com
NVD status: Analyzed
Products: http_server

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.2
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: HIGH

Weaknesses

psirt@us.ibm.com: CWE-822

Hype score: Not currently trending

🚨 HIGH: CVE-2026-8835 (CVSS 7.3) IBM HTTP Server 8.5 & 9.0 vulnerable to invalid pointer dereference. Privileged users can expose sensitive data or cause DoS via Admin Server. Patch immediately. #CVE #PatchNow #ThreatIntel https://t.co/WyYW2qOf6F
@DFIR_Lab
28 May 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D02EA5D6-7556-4C20-A991-6DC5F6B7351B",
            "versionEndExcluding": "8.5.5.30",
            "versionStartIncluding": "8.5.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F7790D7F-B70F-4278-877B-DE501C60A9B5",
            "versionEndExcluding": "9.0.5.29",
            "versionStartIncluding": "9.0.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References