Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Adjacent-only reach (AV:A) and no authentication needed (PR:N); the only impact is availability (A:H), a JVM crash, with no confidentiality or integrity consequence.
Primary rating from Vendor (ibm).
CVSS Vector (NVD)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
Analysis (AI)
Denial of service in IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 allows adjacent unauthenticated attackers to crash the WebSphere Application Server JVM by sending malformed XDF-encoded Protocol Buffers messages to the data grid. The XDF decoder fails to enforce bounds on recursive protobuf message nesting depth and attacker-supplied length prefixes, triggering either a StackOverflowError or OutOfMemoryError that takes down the JVM process. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the attacker to be network-adjacent to the target, sharing the same Layer 2 broadcast domain, VLAN, or subnet as the WebSphere Extreme Scale instance (AV:A per CVSS). … |
| Risk Assessment | The CVSS 3.1 score of 6.5 (Medium) with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H reflects a meaningful threat whose reach is limited to attackers already on an adjacent network segment. … |
| Exploit Scenario | An attacker with a foothold on the same network segment as a WebSphere Extreme Scale grid node (such as a compromised internal server or a co-tenant VM in a shared cloud environment) sends a crafted XDF-encoded protobuf message containing hundreds of levels of nested message wrappers, or a length prefix set to a value far exceeding the available heap. The XDF decoder processes the payload without bounds enforcement, either overflowing the JVM call stack through recursive parsing or exhausting heap memory through the unbounded allocation, and the WebSphere Application Server JVM crashes, taking the data grid node offline. … |
| Remediation | Apply the vendor-released patch per the IBM support advisory at https://www.ibm.com/support/pages/node/7278346 (affected versions are 8.6.1.0 through 8.6.1.6). … |
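The decoder flaw described in the Analysis and Exploit Scenario above, as an added example that is not part of this page or of IBM's XDF code: a minimal schema-less Protocol Buffers wire-format decoder in Python, first in a naive recursive form that trusts nesting depth and length prefixes, then hardened with a depth cap and a length-versus-remaining-bytes check. XDF's real layout, IBM's decoder internals, and the constants MAX_DEPTH and MAX_VARINT_BYTES are assumptions; both payloads are constructed inline. Python's RecursionError and IndexError stand in for the JVM's StackOverflowError and for the OutOfMemoryError a Java decoder hits when it allocates a buffer of the attacker's stated length.

```python
"""Toy protobuf wire-format decoder: unbounded vs. bounded nesting and lengths.

Added example, not IBM's XDF decoder. Every length-delimited field (wire type 2)
is treated as an embedded message, which matches the nested-wrapper payload it is
fed; a real decoder would consult the schema. Constants below are assumptions.
"""

MAX_DEPTH = 64          # assumed cap on embedded-message nesting
MAX_VARINT_BYTES = 10   # a 64-bit varint never needs more than 10 bytes


class MalformedMessage(ValueError):
    """Raised by the hardened decoder when a bound is violated."""


def encode_varint(n: int) -> bytes:
    """Base-128 varint: 7 bits per byte, low group first, high bit = continue."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def nested_payload(depth: int) -> bytes:
    """Constructed input: field 1 = varint 1, wrapped `depth` times in field 2 (tag 0x12)."""
    payload = b"\x08\x01"
    for _ in range(depth):
        payload = b"\x12" + encode_varint(len(payload)) + payload
    return payload


def oversized_length_payload() -> bytes:
    """Constructed input: field 2 claims a 1 TiB body, but only two bytes follow."""
    return b"\x12" + encode_varint(1 << 40) + b"\x08\x01"


# --- naive decoder: no depth cap, length prefix trusted -----------------------

def _varint(buf: bytes, pos: int):
    result = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7


def naive_decode(buf: bytes, pos: int = 0, end=None):
    """One recursion per wrapper; walks as far as the attacker's length prefix says."""
    end = len(buf) if end is None else end
    fields = []
    while pos < end:
        tag, pos = _varint(buf, pos)
        field_no, wire_type = tag >> 3, tag & 7
        if wire_type == 0:
            value, pos = _varint(buf, pos)
        elif wire_type == 2:
            length, pos = _varint(buf, pos)
            # A Java decoder would `new byte[length]` here (OutOfMemoryError);
            # this one reads past the buffer instead (IndexError).
            value = naive_decode(buf, pos, pos + length)
            pos += length
        else:
            raise NotImplementedError(f"wire type {wire_type}")
        fields.append((field_no, value))
    return fields


# --- hardened decoder: depth cap, length checked against remaining bytes ------

def _bounded_varint(buf: bytes, pos: int, end: int):
    result = shift = 0
    for _ in range(MAX_VARINT_BYTES):
        if pos >= end:
            raise MalformedMessage("truncated varint")
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
    raise MalformedMessage(f"varint longer than {MAX_VARINT_BYTES} bytes")


def safe_decode(buf: bytes, pos: int = 0, end=None, depth: int = 0):
    """Same structure as naive_decode, with every recursion and read bounded."""
    end = len(buf) if end is None else end
    if depth > MAX_DEPTH:
        raise MalformedMessage(f"nesting deeper than {MAX_DEPTH}")
    fields = []
    while pos < end:
        tag, pos = _bounded_varint(buf, pos, end)
        field_no, wire_type = tag >> 3, tag & 7
        if field_no == 0:
            raise MalformedMessage("field number 0 is illegal")
        if wire_type == 0:
            value, pos = _bounded_varint(buf, pos, end)
        elif wire_type == 2:
            length, pos = _bounded_varint(buf, pos, end)
            if length > end - pos:  # the bounds check the description says is missing
                raise MalformedMessage(f"length {length} exceeds {end - pos} remaining bytes")
            value = safe_decode(buf, pos, pos + length, depth + 1)
            pos += length
        elif wire_type in (1, 5):  # fixed64 / fixed32
            width = 8 if wire_type == 1 else 4
            if width > end - pos:
                raise MalformedMessage("truncated fixed-width field")
            value = int.from_bytes(buf[pos:pos + width], "little")
            pos += width
        else:
            raise MalformedMessage(f"unsupported wire type {wire_type}")
        fields.append((field_no, value))
    return fields


def outcome(decoder, payload: bytes) -> str:
    """Name of the exception `decoder` raises on `payload`, or 'ok'."""
    try:
        decoder(payload)
        return "ok"
    except Exception as exc:  # RecursionError (the StackOverflowError analogue) included
        return type(exc).__name__


if __name__ == "__main__":
    print("legit depth 3 :", safe_decode(nested_payload(3)))
    for name, payload in (("5000 wrappers", nested_payload(5000)),
                          ("1 TiB prefix", oversized_length_payload())):
        print(f"{name:14s} naive={outcome(naive_decode, payload):16s}"
              f"hardened={outcome(safe_decode, payload)}")
```

On the constructed inputs the naive decoder ends in RecursionError for the 5000-wrapper message and in IndexError for the 1 TiB length prefix, while the hardened decoder rejects both with MalformedMessage before recursing or reading further; legitimate nesting up to MAX_DEPTH still decodes. The two checks are cheap because the decoder already knows the end of the enclosing message, so `length > end - pos` costs a subtraction and the depth counter rides along on the recursion that was happening anyway.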
Weakness: CWE-400 – Uncontrolled Resource Consumption
Technique: Denial of Service
External references: EUVD-2026-40379, GHSA-qh26-gm6x-4qpg