CVE-2026-8850
Description
IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service via the optional module mod_ibm_upload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service via a NULL pointer dereference in the optional mod_ibm_upload module, allowing unauthenticated remote attackers to crash the server.
Vulnerability
IBM HTTP Server versions 8.5 and 9.0 are vulnerable to denial of service via the optional module mod_ibm_upload. The vulnerability is a NULL pointer dereference (CWE-476) that can be triggered remotely without authentication [1].
Exploitation
An unauthenticated attacker can send a specially crafted request to a server that has mod_ibm_upload enabled. This triggers a NULL pointer dereference, causing the server to crash or become unresponsive [1].
Impact
Successful exploitation results in a denial of service, impacting the availability of the server. The CVSS v3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network attack vector, low complexity, no privileges required, no user interaction, and high availability impact [1].
Mitigation
IBM has released a fix for this vulnerability. Administrators should apply the latest security update for IBM HTTP Server 8.5 and 9.0. Refer to the IBM security bulletin [1] for the specific fix version and installation instructions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 8.5, 9.0
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.