A vulnerability was found in IBM WebSphere Application Server 8.5/9.0 . It has been rated as critical . This impacts an unknown function. This manipulation causes authentication bypass by spoofing. This vulnerability is tracked as CVE-2026-8644 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.