CVE-2026-8854
Description
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM HTTP Server 8.5 and 9.0 are vulnerable to denial of service via the optional mod_mem_cache module.
Vulnerability
IBM HTTP Server versions 8.5 and 9.0 are vulnerable to denial of service via the optional module mod_mem_cache. The vulnerability resides in the caching mechanism and can be triggered without authentication. [1]
Exploitation
An unauthenticated attacker can send specially crafted HTTP requests to a server that has mod_mem_cache enabled. The requests exploit a flaw in the module's memory handling, causing the server to consume excessive resources or crash. [1]
Impact
Successful exploitation results in a denial of service, rendering the HTTP server unavailable. The confidentiality and integrity of data are not affected. [1]
Mitigation
IBM has released a security bulletin addressing this vulnerability. Administrators should apply the recommended fix by updating to the latest version of IBM HTTP Server as specified in the bulletin. If the module is not required, disabling mod_mem_cache can serve as a workaround. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: 8.5, 9.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.ibm.com/support/pages/node/7274065nvdVendor Advisory
News mentions
0No linked articles in our index yet.