Is CVE-2026-8644 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-8644 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-8644

Between April and June 2026, Spring's WebPulse security score dropped from 55.6 to 42.0 — the largest security decline of any tracked framework. Three coordinated CVEs in Spring Framework, the WebSphere triple exploit, and Oracle WebLogic advisories hit in the same window. Enterprise Java is under siege from every direction.

Spring 2026

What WebPulse reported · 2 analyses

Spring Lost 13.6 Security Points in 60 Days. Enterprise Java's Foundation Is Cracking.

Between April and June 2026, Spring's WebPulse security score dropped from 55.6 to 42.0 — the largest security decline of any tracked framework. Three coordinat

June 20, 2026

IBM WebSphere: Three Critical CVEs Disclosed on the Same Day. CVSS 9.1 Authentication Bypass Leads the Pack.

CVE-2026-8644 lets attackers impersonate any user without credentials. CVE-2026-9311 enables remote code execution. CVE-2026-9319 completes the trilogy with des

June 19, 2026

View CVE-2026-8644 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9319 CVE-2026-9311 CVE-2026-40994 CVE-2026-40987 CVE-2022-22965 CVE-2022-22963 CVE-2022-22947 CVE-2020-5410