CVE-2026-2311

MEDIUM

IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

Title source: cna

Description

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7269560

Scores

CVSS v3 6.4

EPSS 0.0003

EPSS Percentile 9.5%

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (5)

IBM/i 7.2.0

IBM/i 7.3.0

IBM/i 7.4.0

IBM/i 7.5.0

IBM/i 7.6.0 - 2.3.0

Published Apr 30, 2026

Tracked Since May 01, 2026