CVE-2026-10852 PUBLISHED

IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty

Assigner: ibm
Reserved: 04.06.2026 Published: 22.06.2026 Updated: 23.06.2026

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	i
Versions	Version 7.6 is affected Version 7.5 is affected Version 7.4 is affected Version 7.3 is affected

Solutions

IBM strongly recommends addressing the vulnerabilities now.

IBM i Release5770-SS1 Option 3 PTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.

References

https://www.ibm.com/support/pages/node/7277344

Problem Types

CWE-476 NULL Pointer Dereference CWE