VYPR
High severity8.5NVD Advisory· Published Jun 1, 2026· Updated Jun 4, 2026

CVE-2026-9330

CVE-2026-9330

Description

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*+ 1 more
    • cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*range: >=8.5.0.0,<8.5.5.30
    • (no CPE)range: 9.0, 8.5

Patches

Vulnerability mechanics

References

1

News mentions

1