CVE-2026-6936 PUBLISHED

IBM i is Affected by a Denial of Service Vulnerability []

Assigner: ibm
Reserved: 23.04.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	i
Versions	affected from 7.6 to 11.5.9 (incl.) affected from 7.5 to 12.1.4 (incl.) Version 7.4 is affected Version 7.3 is affected

Solutions

IBM i Release5770-999 PTF Number(s)PTF Download Link(s)7.6MJ09365 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ09365 7.5MJ09335 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ09335 7.4MJ09334 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ09334 7.3MJ09332 https://www.ibm.com/mysupport/s/fix-information?legacy=MJ09332

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.

References

https://www.ibm.com/support/pages/node/7272908

Problem Types

CWE-674 Uncontrolled Recursion CWE