733 matches found
CVE-2026-6936
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...
CVE-2026-7770
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...
CVE-2026-7770
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...
CVE-2026-7770
CVE-2026-7770 affects IBM i Access Family (ACS) versions 1.1.5.0–1.1.9.12. When ACS is configured to listen for requests from IBM i Navigator, it is vulnerable to remote code execution. The root cause is CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ...
PT-2026-45541
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...
Security Bulletin: IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator (CVE-2026-7770)
Summary IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator CVE-2026-7770. Vulnerability Details CVEID:CVE-2026-7770 DESCRIPTION: IBM i Access Client Solutions ACS is vulnerable to remote code execution when configur...
CVE-2026-6936 IBM i is Affected by a Denial of Service Vulnerability
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...
CVE-2026-6936
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...
CVE-2026-6936
CVE-2026-6936 affects IBM i versions 7.3–7.6 (5770-999). The vulnerability is due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler, enabling an authenticated attacker to cause a denial-of-service by compiling specially crafted source code. CVSS v3.1 base score is 6....
CVE-2026-6936 IBM i is Affected by a Denial of Service Vulnerability
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of...
IBM i Security Vulnerability
IBM i is an operating system developed by the American company International Business Machines (IBM) that runs on IBM Power Systems and IBM PureSystems. Versions 7.6, 7.5, 7.4, and 7.3 of IBM i have security vulnerabilities. These vulnerabilities stem from uncontrolled recursion in the Integrated...
Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]
Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...
Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and Improper Neutralization of Null Byte Vulnerabilities in OpenSSH [CVE-2025-61984, CVE-2025-61985]
Summary OpenSSH for IBM i is vulnerable to allowing control characters in usernames CVE-2025-61984 and allowing null bytes in the URI CVE-2025-61985 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control...
Security Bulletin: IBM i is Affected By A Cross-Site Scripting Vulnerability in Navigator for i [CVE-2026-0540]
Summary Navigator for IBM i uses the Monaco editor to edit config files. The Monaco editor uses DOMPurify to sanitize the HyperText Markup Language HTML in the editor. DOMPurify is vulnerable to improper neutralization of input by using rawtext elements missing from the SAFEFORXML regex...
Security Bulletin: IBM i is Affected by a Denial of Service Vulnerability [CVE-2026-6936]
Summary IBM i is vulnerable to denial of service due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-6936 DESCRIPTION: IBM i is vulnerable to a denial-of-service attack due to...
Security Bulletin: IBM i is affected by BIND being too lenient accepting records with forged data and consuming excessive CPU when a resolver is performing DNSSEC validation [CVE-2025-40778, CVE-2026-1519].
Summary Domain Name System for IBM i is vulnerable to BIND being too lenient when accepting records from answers allowing an attack to inject forged data into cache CVE-2025-40778, and consuming excessive CPU when a resolver is performing DNSSEC validation and encounters a maliciously crafted zon...
CVE-2026-2311
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
EUVD-2026-26440
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...
CVE-2026-2311
CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...