CVE-2026-8856

Severity CVSS v4.0:
Pending analysis
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
26/05/2026
Last modified:
26/05/2026

Description

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:* 8.5.0.0 (including) 8.5.5.30 (excluding)
cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:* 9.0.0.0 (including) 9.0.5.29 (excluding)
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools