IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ibm |
|
Configuration 1 [-]
|
No data.
References
History
Fri, 01 May 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:* |
Fri, 01 May 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 30 Apr 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege. | |
| Title | IBM i is affected by a privilege escalation vulnerability in Web Administration GUI [] | |
| First Time appeared |
Ibm
Ibm i |
|
| Weaknesses | CWE-284 | |
| CPEs | cpe:2.3:a:ibm:i:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm i |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-05-01T16:37:41.092Z
Reserved: 2026-02-10T21:39:52.444Z
Link: CVE-2026-2311
Vulnrichment
Updated: 2026-05-01T16:37:35.884Z
NVD
Status : Analyzed
Published: 2026-04-30T22:16:25.147
Modified: 2026-05-01T19:33:39.563
Link: CVE-2026-2311
Redhat
No data.