CVE-2026-4410— IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service
Possible ATT&CK Techniques 2AI
T1190 · Exploit Public-Facing Application T1499 · Endpoint Denial of ServiceAffected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | WebSphere Application Server | 9.0 | affected |
8.5 | affected | ||
| IBM | WebSphere Application Server - Liberty | 19.0.0.7≤ 26.0.0.5 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-4410
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM WebSphere Application Server(WAS)等都是美国国际商业机器(IBM)公司的产品。IBM WebSphere Application Server是一款应用服务器产品。IBM WebSphere Application Server Liberty是一款构建于Open Liberty项目之上的Java应用程序服务器。IBM webMethods Integration Server是一个应用连接器。 IBM多款产品存在安全漏洞,该漏洞源于发送特制请求,可能导致远程攻击者
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | WebSphere Application Server - Liberty | 19.0.0.7 ~ 26.0.0.5 | cpe:2.3:a:ibm:websphere_application_server___liberty:19.0.0.7:*:*:*:*:*:*:* | |
| IBM | WebSphere Application Server | 9.0 | cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-4410
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-4410
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-4410 (1)
Same Patch Batch · IBM · 2026-05-27 · 29 CVEs total
| CVE-2026-7524 | 9.8 CRITICAL | Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System |
| CVE-2026-8175 | 9.8 CRITICAL | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-5065 | 8.8 HIGH | IBM Controller is affected by vulnerabilities |
| CVE-2026-8179 | 8.8 HIGH | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-7365 | 8.4 HIGH | IBM Operations Analytics - Log Analysis is affected by Information disclosure due to defau |
| CVE-2026-3623 | 7.8 HIGH | Vulnerabilities exists in IBM Netezza Performance Server Replication Services |
| CVE-2026-3366 | 7.5 HIGH | InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read |
| CVE-2026-8180 | 7.5 HIGH | Multiple vulnerabilities in Aspera applications. |
| CVE-2024-56462 | 7.2 HIGH | IBM QRadar SIEM is vulnerable to using components with known vulnerabilities |
| CVE-2026-7528 | 7.1 HIGH | Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure |
| CVE-2026-1718 | 7.1 HIGH | IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running |
| CVE-2026-8405 | 6.5 MEDIUM | IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerabilit |
| CVE-2026-9035 | 6.5 MEDIUM | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-6938 | 6.5 MEDIUM | IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage |
| CVE-2026-6936 | 6.5 MEDIUM | IBM i is Affected by a Denial of Service Vulnerability [] |
| CVE-2026-6052 | 6.5 MEDIUM | IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC t |
| CVE-2026-3676 | 6.5 MEDIUM | There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Man |
| CVE-2024-40684 | 5.9 MEDIUM | IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate |
| CVE-2026-6053 | 5.5 MEDIUM | IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with |
| CVE-2026-6051 | 5.5 MEDIUM | IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query wi |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: WebSphere Application Server - Liberty
- CVE-2026-5516
IBM WebSphere Application Server Liberty is affected by a se - CVE-2026-3621
IBM WebSphere Application Server Liberty is affected by iden - CVE-2025-14917
IBM WebSphere Application Server Liberty could provide weake - CVE-2025-14915
IBM WebSphere Application Server Liberty is affected by a pr - CVE-2025-14923
IBM WebSphere Application Server Liberty could provide weake
Same vendor: IBM
- CVE-2026-1248
IBM Business Automation Workflow information leak - CVE-2026-7876
Authentication bypass vulnerability found in Aspera High-Spe - CVE-2026-7365
IBM Operations Analytics - Log Analysis is affected by Infor - CVE-2024-56462
IBM QRadar SIEM is vulnerable to using components with known - CVE-2024-40684
IBM Operations Analytics - Log Analysis is affected by Weak
V. Comments for CVE-2026-4410
No comments yet