{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2311", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-02-10T21:39:52.444Z", "datePublished": "2026-04-30T21:45:08.343Z", "dateUpdated": "2026-04-30T21:45:08.343Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-30T21:45:08.343Z"}, "title": "IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.6.0", "lessThanOrEqual": "2.3.0", "versionType": "semver"}, {"status": "affected", "version": "7.5.0"}, {"status": "affected", "version": "7.4.0"}, {"status": "affected", "version": "7.3.0"}, {"status": "affected", "version": "7.2.0"}], "cpes": ["cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.2.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. \u00a0A malicious actor could cause user-controlled code to run with administrator privilege.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. &nbsp;A malicious actor could cause user-controlled code to run with administrator privilege.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7269560", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerability now.\n\nIBM i Release5770-DG1\nPTF Number(s)PTF Download Link(s)7.6SJ08417 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08417 7.5SJ08418 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08418 7.4SJ08419 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08419 7.3SJ08604 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08604 7.2SJ08818 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08818 \n\n\n\nIBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><strong>IBM strongly recommends addressing the vulnerability now.</strong></p><div><table><thead><tr><td><strong>IBM i Release</strong></td><td><strong>5770-DG1<br>PTF Number(s)</strong></td><td><strong>PTF Download Link(s)</strong></td></tr></thead><tbody><tr><td>7.6</td><td>SJ08417</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08417\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08417</a></td></tr><tr><td>7.5</td><td>SJ08418</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08418\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08418</a></td></tr><tr><td>7.4</td><td>SJ08419</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08419\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08419</a></td></tr><tr><td>7.3</td><td>SJ08604</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08604\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08604</a></td></tr><tr><td>7.2</td><td>SJ08818</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08818\" rel=\"noopener noreferrer nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ08818</a></td></tr></tbody></table></div><p>IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.</p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. \u00a0A malicious actor could cause user-controlled code to run with administrator privilege."}], "id": "CVE-2026-2311", "lastModified": "2026-04-30T22:16:25.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-04-30T22:16:25.147", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7269560"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}