CVE-2026-10845: WebSphere AS: JAX-WS auth bypass, unauthorized access

HIGH
Published June 22, 2026
CISO Take

IBM WebSphere Application Server 8.5 and 9.0 contain an authentication bypass vulnerability (CWE-287) in JAX-WS web service endpoints, enabling unauthenticated remote attackers to gain unauthorized access with zero prerequisites — no credentials, no privileges, no user interaction required. Enterprises running AI model serving APIs, enterprise data pipelines, or ML orchestration workflows on WebSphere face direct exposure, as any JAX-WS endpoint that should be access-controlled becomes reachable by anonymous callers. The vulnerability is not yet in CISA KEV and no confirmed public exploit exists, providing a narrow remediation window before opportunistic exploitation materializes at scale. Apply IBM's patch immediately per the vendor advisory at ibm.com/support/pages/node/7276597 and restrict JAX-WS endpoint exposure at the network perimeter until systems are updated.

Sources: NVD, MITRE ATLAS, ibm.com

What is the risk?

CVSS 7.3 with AV:N/AC:L/PR:N/UI:N represents a high operational risk profile: low exploitation complexity and no authentication prerequisite mean any threat actor with network reach can attempt exploitation without specialized skills. Partial CIA triad impact (C:L/I:L/A:L) limits absolute blast radius compared to a full-compromise scenario, but the near-zero barrier to entry combined with ubiquitous WebSphere deployments in enterprise environments significantly elevates aggregate risk. Absence from CISA KEV and lack of public exploit provide a temporary buffer, but authentication bypass flaws in widely deployed application servers have historically been weaponized quickly.

How does the attack unfold?

Reconnaissance (AML.T0006)
Adversary scans enterprise IP ranges for WebSphere Application Server instances on ports 9080/9443, then enumerates available JAX-WS services via WSDL discovery (GET /services?wsdl; the exact WSDL path depends on the application's context root and service name).

Authentication Bypass (AML.T0049)
Attacker crafts a SOAP request targeting a restricted JAX-WS operation and submits it without credentials, exploiting the CWE-287 flaw that causes WebSphere to skip authentication enforcement.

Unauthorized API Access (AML.T0040)
Server processes the unauthenticated request and returns a valid response, granting the attacker access to protected AI model inference endpoints or enterprise data pipeline operations.

Impact (AML.T0048)
Adversary extracts proprietary model outputs at scale, drains compute resources via mass inference, or injects malicious data into connected AI training pipelines, causing financial and data integrity harm.

What systems are affected?

Package: WebSphere Application Server
Ecosystem: not listed
Vulnerable Range: 8.5 and 9.0 (per the IBM advisory)
Patched: no fixed version is listed in this record; see the IBM advisory for the fix levels

If you run WebSphere Application Server 8.5 or 9.0 with JAX-WS applications deployed, treat the installation as affected until the vendor fix is applied.

How severe is it?

CVSS 3.1: 7.3 / 10
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: Trivial

What is the attack surface?

AV: Network
AC: Low
PR: None
UI: None
S: Unchanged
C: Low
I: Low
A: Low

What should I do?

6 steps
  1. Apply IBM's fix immediately: consult the vendor advisory at https://www.ibm.com/support/pages/node/7276597 for the interim fix or fix pack that applies to your 8.5 or 9.0 level.

  2. Until patched, restrict network access to WebSphere JAX-WS endpoints (typically ports 9080/9443 on the application server, or 80/443 on a fronting IBM HTTP Server; paths matching /services/*) via firewall ACLs or reverse proxy rules, limited to known trusted IP ranges.

  3. Verify that both administrative security and application security are enabled (application security is a separate switch, and web.xml security constraints are not enforced without it), and confirm each deployed JAX-WS application declares its authentication requirement in deployment metadata, either a security constraint in web.xml for transport-level authentication or an attached WS-Security policy set and binding, rather than relying on application code to check the caller.

  4. Review the HTTP access log (NCSA access logging on the HTTP inbound channel, which is not enabled by default on WebSphere traditional, or the access log of the reverse proxy in front of the server) together with SystemOut.log for anomalous SOAP traffic to /services/ endpoints: successful (HTTP 200) POSTs from sources outside the trusted ranges, and WSDL enumeration (?wsdl requests) from unexpected sources. A missing Authorization header is not by itself evidence of an unauthenticated call, because WebSphere credentials commonly travel in the LTPAToken2 cookie or in a WS-Security UsernameToken inside the SOAP header, neither of which appears in a standard access log line.

  5. Audit all deployed JAX-WS web services to enumerate which expose AI model, data, or administrative operations, and prioritise the perimeter restrictions and log review on those.

  6. As a compensating control, enforce authentication in front of WebSphere: terminate /services/ paths at a reverse proxy that requires mutual TLS client certificates or performs its own authentication before forwarding. A WAF rule that only checks for the presence of a bearer token or Authorization header does not validate it; treat such a rule as a traffic filter, not an authentication control.
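The following triage script is an added example for step 4 and is not code from the page or from IBM. It parses NCSA-combined access-log lines (the format IBM HTTP Server and WebSphere's HTTP channel access log can emit) and, because neither the Authorization header nor the SOAP body appears in such a line, it does not try to infer credential presence; instead it uses the signals the page itself describes: successful POSTs to JAX-WS paths from sources outside the step 2 allow-list, WSDL enumeration from untrusted sources, and high-volume successful calls consistent with mass inference. The trusted ranges, the /services/ path pattern, the volume threshold and the sample log lines are all constructed placeholders to be replaced with your own inventory.

```python
"""Triage NCSA access-log lines for suspicious traffic to WebSphere JAX-WS
endpoints. Constructed example (not IBM's code, not from the advisory).

Assumptions (all placeholders):
  * lines are NCSA common/combined format, e.g. from IHS or the WAS HTTP channel;
  * JAX-WS services are served under paths matching JAXWS_PATH;
  * TRUSTED_NETS is the allow-list applied at the perimeter in step 2.
"""
import ipaddress
import re
from collections import Counter

# host ident user [time] "method path proto" status bytes [referer ua ...]
NCSA_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

JAXWS_PATH = re.compile(r"^/services(/|\?|$)")          # hypothetical service root
TRUSTED_NETS = [ipaddress.ip_network(n)                  # hypothetical allow-list
                for n in ("10.0.0.0/8", "192.168.50.0/24")]
VOLUME_THRESHOLD = 50  # successful POSTs per source before flagging mass inference


def parse_line(line):
    """Return the NCSA fields as a dict, or None if the line does not parse."""
    m = NCSA_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(host):
    """True if the client address falls inside one of the allow-listed networks."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # hostnames or malformed fields are never trusted
        return False
    return any(ip in net for net in TRUSTED_NETS)


def triage(lines):
    """Return (kind, source, detail) findings for JAX-WS traffic in `lines`.

    kinds: wsdl_enumeration  - ?wsdl fetch from an untrusted source (recon)
           untrusted_success - HTTP 200 POST from outside the allow-list
           high_volume       - >= VOLUME_THRESHOLD successful POSTs from one source
    """
    findings = []
    post_counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not JAXWS_PATH.match(rec["path"]):
            continue
        trusted = is_trusted(rec["host"])
        if rec["method"] == "GET" and "wsdl" in rec["path"].lower() and not trusted:
            findings.append(("wsdl_enumeration", rec["host"], rec["path"]))
        if rec["method"] == "POST" and rec["status"] == 200:
            if not trusted:
                findings.append(("untrusted_success", rec["host"], rec["path"]))
            post_counts[rec["host"]] += 1
    for host, n in post_counts.items():
        if n >= VOLUME_THRESHOLD:
            findings.append(("high_volume", host, f"{n} successful POSTs"))
    return findings


# Constructed sample lines: one trusted client, one untrusted client that first
# enumerates WSDL and then gets a 200 without any session, plus unrelated traffic.
SAMPLE_LOG = """\
10.0.4.17 - - [22/Jun/2026:10:01:02 +0000] "POST /services/InferenceService HTTP/1.1" 200 1843
203.0.113.45 - - [22/Jun/2026:10:03:11 +0000] "GET /services?wsdl HTTP/1.1" 200 912
203.0.113.45 - - [22/Jun/2026:10:03:12 +0000] "GET /services/InferenceService?wsdl HTTP/1.1" 200 5120
203.0.113.45 - - [22/Jun/2026:10:03:40 +0000] "POST /services/InferenceService HTTP/1.1" 200 1843
203.0.113.45 - - [22/Jun/2026:10:03:41 +0000] "POST /services/InferenceService HTTP/1.1" 401 0
198.51.100.9 - - [22/Jun/2026:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 3001
""".splitlines()

if __name__ == "__main__":
    for kind, source, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {source:16} {detail}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; a 200 response to a JAX-WS POST from outside the allow-list during the exposure window is the item to escalate, and the `?wsdl` hits show which services the source enumerated first.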

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art. 15 - Accuracy, robustness and cybersecurity
ISO 42001
8.1 - Operational planning and control
NIST AI RMF
MANAGE 2.4 - Residual risks are managed
OWASP LLM Top 10
LLM10:2025 - Unbounded Consumption

Frequently Asked Questions

What is CVE-2026-10845?

CVE-2026-10845 is an authentication bypass (CWE-287) in the JAX-WS web service endpoints of IBM WebSphere Application Server 8.5 and 9.0. A remote attacker with network access to a JAX-WS application can reach operations that should require authentication without credentials, privileges, or user interaction. It is not in CISA KEV and no public exploit has been confirmed. The fix is IBM's patch per the advisory at ibm.com/support/pages/node/7276597; until it is applied, restrict exposure of JAX-WS endpoints at the network perimeter.

Is CVE-2026-10845 actively exploited?

No confirmed active exploitation of CVE-2026-10845 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-10845?

Apply IBM's fix per the vendor advisory at https://www.ibm.com/support/pages/node/7276597. Until it is applied: restrict network access to JAX-WS endpoints (typically ports 9080/9443 or a fronting IBM HTTP Server, paths matching /services/*) to trusted IP ranges; verify administrative and application security are enabled and that each JAX-WS application declares its authentication requirement (web.xml security constraint or WS-Security policy set and binding); review the HTTP access log and SystemOut.log for successful SOAP calls to /services/ from untrusted sources and for WSDL enumeration; audit which services expose model, data, or administrative operations; and front /services/ paths with a reverse proxy that authenticates callers (mutual TLS or proxy-level authentication) rather than a WAF rule that only checks for a header. The full steps are under "What should I do?" above.

What systems are affected by CVE-2026-10845?

Per the IBM advisory, WebSphere Application Server 8.5 and 9.0 are affected. In the AI/ML context this page tracks, that covers the following architecture patterns when they are built on WebSphere: model serving, enterprise AI integration middleware, and ML API gateways.

What is the CVSS score for CVE-2026-10845?

CVE-2026-10845 has a CVSS v3.1 base score of 7.3 (HIGH).

What is the AI security impact?

Affected AI Architectures

model serving, enterprise AI integration middleware, ML API gateways

MITRE ATLAS Techniques

AML.T0006 Active Scanning
AML.T0040 AI Model Inference API Access
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Art. 15
ISO 42001: 8.1
NIST AI RMF: MANAGE 2.4
OWASP LLM Top 10: LLM10:2025

What are the technical details?

Original Advisory

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

Exploitation Scenario

An adversary targeting an enterprise AI platform built on WebSphere begins by scanning for exposed instances on ports 9080 or 9443, using WSDL enumeration (GET /services?wsdl, with the exact path depending on the application's context root) to discover deployed JAX-WS services, including model inference or data pipeline APIs. Having identified an unpatched WebSphere 8.5 or 9.0 host, the attacker crafts a raw SOAP envelope targeting a restricted operation and sends it without any credentials, exploiting the CWE-287 authentication bypass. The server fails to enforce its configured security constraints and processes the request, returning proprietary model predictions or granting access to administrative batch operations. In a scaled attack, the adversary could mass-query an LLM inference endpoint to extract training data patterns, drain quota-limited compute resources, or inject malicious data into a connected training pipeline, all without a valid account.

Weaknesses (CWE)

CWE-287 — Improper Authentication: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

  • [Architecture and Design] Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Timeline

Published: June 22, 2026
Last Modified: June 22, 2026
First Seen: June 22, 2026
