Medium severity6.4NVD Advisory· Published Apr 30, 2026· Updated May 1, 2026

CVE-2026-2311

Description

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.

Affected products

IBM/I5 versions
cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7269560nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000