CVE-2026-2311 PUBLISHED

IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

Assigner: ibm
Reserved: 10.02.2026 Published: 30.04.2026 Updated: 30.04.2026

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 6.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	i
Versions	affected from 7.6.0 to 2.3.0 (incl.) Version 7.5.0 is affected Version 7.4.0 is affected Version 7.3.0 is affected Version 7.2.0 is affected

Solutions

IBM strongly recommends addressing the vulnerability now.

IBM i Release5770-DG1 PTF Number(s)PTF Download Link(s)7.6SJ08417 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08417 7.5SJ08418 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08418 7.4SJ08419 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08419 7.3SJ08604 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08604 7.2SJ08818 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08818

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.

References

https://www.ibm.com/support/pages/node/7269560

Problem Types

CWE-284 Improper Access Control CWE