IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

IBM WebSphere Application Server versions 9.0 and 8.5 contain a critical remote code execution vulnerability (CVE-2026-9311) caused by the bypass of security controls. This vulnerability allows attackers to execute arbitrary code remotely on affected WebSphere instances. The vulnerability affects two major versions of the widely-used enterprise application server platform. IBM has published security advisories addressing this issue. Organizations running affected WebSphere versions should prioritize patching due to the high severity and remote exploitation potential.