High severity8.5NVD Advisory· Published Jun 1, 2026· Updated Jun 4, 2026
CVE-2026-9330
CVE-2026-9330
Description
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*+ 1 more
- cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*range: >=8.5.0.0,<8.5.5.30
- (no CPE)range: 9.0, 8.5
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7274733nvdVendor Advisory
News mentions
1- IBM WebSphere: Five RCE and Spoofing Vulnerabilities Disclosed TogetherVypr Intelligence · Jun 1, 2026