CVE-2026-2311
IBM i Web Administration Privilege Escalation Vulnerability
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.2 |
| ibm | i | 7.3 |
| ibm | i | 7.4 |
| ibm | i | 7.5 |
| ibm | i | 7.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-2311 vulnerability in IBM i Web Administration GUI, users should apply the relevant Program Temporary Fixes (PTFs) released by IBM for their specific IBM i versions (7.2 through 7.6).
There are no available workarounds currently, so applying the official fixes is critical.
Additionally, IBM recommends upgrading to supported versions if you are running unsupported software.
Can you explain this vulnerability to me?
This vulnerability affects IBM i versions 7.6, 7.5, 7.4, 7.3, and 7.2. It is caused by an invalid authorization check in the IBM i Web Administration GUI, which allows a malicious actor to escalate privileges.
Specifically, an attacker could exploit this flaw to run user-controlled code with administrator privileges.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, meaning an attacker could gain administrator-level access on the affected IBM i system.
With administrator privileges, the attacker could execute arbitrary code, potentially compromising system integrity, confidentiality, and availability.