CVE-2026-7870

Vulnerability

IBM i versions 7.3, 7.4, 7.5, and 7.6 are vulnerable to a privilege escalation due to an unqualified library call (CWE-427). The flaw occurs when a program loads a library without specifying a full path, allowing an attacker to place a malicious library in the search path. Affected releases include IBM i operating system with base feature 5770-SS1. [1]

Exploitation

An attacker requires authenticated access to the system with some user privileges. By placing a malicious library in a directory that appears earlier in the uncontrolled search path, the attacker can cause the system to load their code instead of the legitimate library. No user interaction beyond the attacker's own actions is needed. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary code with administrator (root) privileges. This compromises the confidentiality, integrity, and availability of the system, as the attacker gains full control over the affected IBM i system. [1]

Mitigation

IBM has not provided a workaround or patch as of the initial publication. The security bulletin states "None" under workarounds and mitigations. Users should monitor IBM's security advisories for future updates. [1]