CVE-2026-13759: IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, Objec
Summary
IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 have a critical security flaw where three code components (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) lack proper filtering when deserializing untrusted data, allowing attackers to execute arbitrary code (RCE, remote code execution) on the system. An attacker with login access or network proximity to the system's replication communication can exploit this vulnerability through specially crafted Java object chains.
Vulnerability Details
7.5(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
network
high
low
none
June 30, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-13759
First tracked: June 30, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 95%