CVE-2026-7770 PUBLISHED

IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator

Assigner: ibm
Reserved: 04.05.2026 Published: 01.06.2026 Updated: 02.06.2026

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	i Access Family
Versions	affected from 1.1.5.0 to 1.1.9.12 (incl.)

Solutions

The issue can be fixed by upgrading to version 1.1.9.13 or later. See https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09731 7.5SJ09729 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09729 7.4SJ09730 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09730 7.3SJ09732 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09732

References

https://www.ibm.com/support/pages/node/7274214

Problem Types

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE