CVE-2026-9330

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.

502

Deserialization of Untrusted Data

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context

Applicable Platforms

Languages: Java, Ruby, PHP, Python, JavaScript

Technologies: Not Technology-Specific, ICS/OT, AI/ML

Likelihood of Exploit: Medium

View CWE Details

https://www.ibm.com/support/pages/node/7274733

CVE-2026-9330

Description

Deserialization of Untrusted Data

Common Consequences

Applicable Platforms

Iscriviti alla newsletter