VYPR
High severity (score 8.5) · NVD Advisory · Published Jun 1, 2026

CVE-2026-9330

Description

IBM WebSphere Application Server is vulnerable to RCE via improper data validation in the SAML SSO component, allowing crafted HTTP requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

IBM WebSphere Application Server traditional versions 9.0 and 8.5 improperly validate user-supplied data during deserialization in the SAML Web Single Sign-On component. A crafted HTTP request that reaches this component can trigger the flaw; turning it into code execution additionally requires a suitable gadget chain, that is, classes already loadable by the server that the deserialized data can chain together [1].

Exploitation

An attacker exploits this by sending a crafted HTTP request to the affected server. This requires network access to the server and a gadget chain usable against it. The available references do not state that user interaction or any privileges are required [1].

Impact

Successful exploitation of this vulnerability could result in remote code execution (RCE). The attacker gains the ability to execute arbitrary code on the affected system, potentially leading to a compromise of confidentiality, integrity, and availability [1].

Mitigation

IBM recommends applying an interim fix or a fix pack containing the fix for APAR PH71453 [1]. For WebSphere Application Server traditional V9.0.0.0 through 9.0.5.28: upgrade to the minimal fix pack level required by the interim fix and apply the interim fix, or apply Fix Pack 9.0.5.29 or later (targeted for Q3 2026). For V8.5.0.0 through 8.5.5.29: upgrade to the minimal fix pack level required by the interim fix and apply the interim fix, or apply Fix Pack 8.5.5.30 or later (targeted for Q3 2026). At publication the fix packs were still only targeted, so the interim fix is the remediation available now; confirm the fix pack has actually shipped before relying on it [1].
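As an added example (not part of the advisory and not IBM tooling), the helper below maps a WebSphere traditional fix-pack level onto the version ranges named in the Mitigation section and extracts that level from the output of the product's versionInfo script. The sample versionInfo output is constructed for illustration, the interim-fix flag is an assumption the caller supplies, and the function cannot validate the minimal fix pack level the interim fix itself requires because the advisory does not state it.

```python
"""Classify a WebSphere Application Server traditional fix-pack level against
the CVE-2026-9330 / APAR PH71453 ranges from the advisory's Mitigation section.

Added example, not IBM's code. Ranges are copied from the advisory text; the
sample versionInfo output below is constructed for this example.
"""
from __future__ import annotations

import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# (major, minor) stream -> (first affected, last affected, first fixed fix pack)
FIX_LEVELS = {
    (9, 0): ((9, 0, 0, 0), (9, 0, 5, 28), (9, 0, 5, 29)),
    (8, 5): ((8, 5, 0, 0), (8, 5, 5, 29), (8, 5, 5, 30)),
}

# Constructed sample of versionInfo.sh / versionInfo.bat output (abbreviated).
SAMPLE_VERSIONINFO = """\
Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server
Version               9.0.5.17
ID                    BASE
Build Level           cf171948.01
Build Date            11/29/21
Architecture          x86-64 (64 bit)
"""


def parse_version(text: str) -> Version:
    """Parse a fix-pack level such as '9.0.5.17' into a comparable 4-tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised WebSphere version string: {text!r}")
    major, minor, release, fixpack = (int(p) for p in parts)
    return (major, minor, release, fixpack)


def version_from_versioninfo(output: str) -> Optional[str]:
    """Return the Version line that follows the WebSphere Application Server
    product Name line in versionInfo output, or None if not found."""
    in_was_block = False
    for line in output.splitlines():
        if line.startswith("Name") and "WebSphere Application Server" in line:
            in_was_block = True
            continue
        if in_was_block:
            m = re.match(r"^Version\s+(\d+\.\d+\.\d+\.\d+)\s*$", line)
            if m:
                return m.group(1)
    return None


def assess(version: str, interim_fix_applied: bool = False) -> str:
    """Return 'fixed', 'fixed (interim fix)', 'affected' or
    'not listed in advisory' for a WebSphere traditional version.

    interim_fix_applied is trusted as given: the advisory does not publish the
    minimal fix pack level the PH71453 interim fix requires, so that
    prerequisite is not checked here.
    """
    v = parse_version(version)
    stream = FIX_LEVELS.get(v[:2])
    if stream is None:
        return "not listed in advisory"
    first, last, fixed = stream
    if v >= fixed:
        return "fixed"
    if first <= v <= last:
        return "fixed (interim fix)" if interim_fix_applied else "affected"
    return "not listed in advisory"


if __name__ == "__main__":
    found = version_from_versioninfo(SAMPLE_VERSIONINFO)
    print(found, "->", assess(found) if found else "version not found")
```

Run it against the real output of `<WAS_HOME>/bin/versionInfo.sh` on each node; a result of "affected" means the host needs the interim fix now or the fix pack once it ships.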

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0 (no linked articles in our index yet)