{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-10852","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-06-04T12:38:07.335Z","datePublished":"2026-06-22T19:32:28.668Z","dateUpdated":"2026-06-24T16:51:02.178Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-06-24T16:51:02.178Z"},"title":"Websphere Application Server is Affected By a Denial of Service in IBM WebSphere Application Server Liberty","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"i","versions":[{"status":"affected","version":"7.6"},{"status":"affected","version":"7.5"},{"status":"affected","version":"7.4"},{"status":"affected","version":"7.3"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.","supportingMedia":[{"type":"text/html","base64":false,"value":"

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.

"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7277344","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"MEDIUM","baseScore":5.9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"solutions":[{"lang":"en","value":"IBM strongly recommends addressing the vulnerabilities now.\n\nIBM i Release5770-SS1 Option 3\nPTF Number(s)PTF Download Link(s)7.6SJ10122 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122 7.5SJ10121 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121 7.4SJ10120 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120 7.3SJ10119 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119 \n\n\n\nIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.","supportingMedia":[{"type":"text/html","base64":false,"value":"

IBM strongly recommends addressing the vulnerabilities now.

IBM i Release5770-SS1 Option 3
PTF Number(s)		PTF Download Link(s)
7.6SJ10122https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10122
7.5SJ10121https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10121
7.4SJ10120https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10120
7.3SJ10119https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10119

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.

"}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-23T14:51:31.975238Z","id":"CVE-2026-10852","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-23T15:06:39.514Z"}}]}}