CVE-2026-2311

Summary

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege.

Affected Software

VendorProductVersion RangeStatus
IBMi7.6.0 <= 2.3.0affected
IBMi7.5.0affected
IBMi7.4.0affected
IBMi7.3.0affected
IBMi7.2.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References