Question 1

What is CVE-2026-9006 — CVE-2026-9006?

Accepted Answer

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Question 2

What is the authoritative source for CVE-2026-9006?

Accepted Answer

CVE-2026-9006 (CVE-2026-9006) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.4 ()
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Last modified	2026-06-23

CVE-2026-9006CVE-2026-9006

Description

Scoring