Critical severity9.0NVD Advisory· Published Jun 1, 2026· Updated Jun 4, 2026
CVE-2026-9319
CVE-2026-9319
Description
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*+ 1 more
- cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*range: >=8.5.0.0,<8.5.5.30
- (no CPE)range: 9.0, 8.5
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7274738nvdVendor Advisory
News mentions
1- IBM WebSphere: Five RCE and Spoofing Vulnerabilities Disclosed TogetherVypr Intelligence · Jun 1, 2026