AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-9319: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of

criticalvulnerability

security

Source: NVD/CVE DatabaseJune 1, 2026CVE-2026-9319

Summary

IBM WebSphere Application Server versions 9.0 and 8.5 have a vulnerability that allows remote code execution (running malicious commands on a server from a distance) through deserialization of untrusted data (converting unverified data from a network connection back into executable code) in JAX-WS endpoints with WS-Security (web service security features).

Vulnerability Details

CVSS Score

9(critical)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

high

Privileges Required

none

User Interaction

none

Disclosure Date

June 1, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-9319

First tracked: June 2, 2026 at 02:08 AM

Classified by LLM (prompt v3) · confidence: 95%