Main Vulnerability Database Vulnerabilities #VU133292

Deserialization of Untrusted Data in IBM WebSphere Application Server - CVE-2026-9330

Published: June 3, 2026

Vulnerability identifier: #VU133292

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2026-9330

CWE-ID: CWE-502

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM WebSphere Application Server

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2026-9330

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7274733

Deserialization of Untrusted Data in IBM WebSphere Application Server - CVE-2026-9330

Detailed vulnerability description

How to mitigate CVE-2026-9330

Sources

Please verify you're human