CVE-2026-8855

HIGH

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

CVSS v3.1 Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

HIGH

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 5/26/2026Modified: 5/26/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-8855 — IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial o...

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

CVE-2026-8855

May 26, 2026NIST NVD

References (1)

https://www.ibm.com/support/pages/node/7274065Vendor Advisory