IBM has issued a critical security bulletin regarding a remote code execution vulnerability in its WebSphere application server software, affecting versions 8.5 and 9.0. The vulnerability, tracked as CVE-2026-8633, has a CVSS score of 9.8 and allows unauthenticated attackers to execute arbitrary commands through specially crafted requests. A secondary vulnerability (CVE-2026-8620) makes HTTP request smuggling possible.
IBM recommends applying the latest software patches to mitigate these risks. Organizations are advised to test updates on non-production systems to prevent operational downtime, thereby protecting their data and maintaining software integrity.