CVE-2026-8856
CRITICAL WAF: Medium
CVSS 9.1
Published: 2026-05-26
CWE-400
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
WAF Coverage Analysis
Uncontrolled Resource Consumption
Medium WAF Coverage
OWASP: A05:2021 Security Misconfiguration
912xxx - DOS Protection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | http_server | 8.5.0.0 - 8.5.5.30 |
| ibm | http_server | 9.0.0.0 - 9.0.5.29 |
References
- www.ibm.com (Vendor Advisory)