A vulnerability described as critical has been identified in IBM HTTP Server 8.5/9.0 . Affected by this issue is some unknown functionality. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2026-8855 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.