CVE-2026-6936
Analyzed - Analysis Complete
Denial-of-Service in IBM i ILE Compiler

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: IBM Corporation

Description
IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements.

Meta Information

  • Published: 2026-05-27
  • Last Modified: 2026-05-28
  • Generated: 2026-06-16
  • AI Q&A: 2026-05-28
  • EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product | Version / Range
ibm    | i       | From 7.3 (inc) to 7.6 (inc)

CWE ID  | Description
CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Detection Guidance

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.

IBM recommends applying the provided PTF fixes or upgrading to a supported version to address the vulnerability.

Executive Summary

CVE-2026-6936 is a vulnerability in IBM i versions 7.3, 7.4, 7.5, and 7.6 caused by uncontrolled recursion in the Integrated Language Environment (ILE) compiler.

An authenticated attacker can exploit this vulnerability by compiling specially crafted source code that contains a specific combination of statements, which triggers the uncontrolled recursion.

This leads to a denial-of-service (DoS) condition, causing system disruption.

Impact Analysis

The primary impact of this vulnerability is a denial-of-service condition that affects system availability.

An attacker with authenticated access can cause system disruption by exploiting the uncontrolled recursion in the ILE compiler.

This can lead to downtime or unavailability of the affected IBM i systems, potentially interrupting business operations.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-6936, IBM recommends applying the provided PTFs (Program Temporary Fixes) for your IBM i version.

  • Apply PTF MJ09365 if you are using IBM i version 7.6.
  • Apply PTF MJ09335 if you are using IBM i version 7.5.
  • Apply PTF MJ09334 if you are using IBM i version 7.4.
  • Apply PTF MJ09332 if you are using IBM i version 7.3.

Alternatively, upgrading to a supported version of IBM i that includes these fixes is recommended. No workarounds are currently available.

Compliance Impact

The vulnerability CVE-2026-6936 affects system availability due to a denial-of-service attack but does not impact confidentiality or integrity.

Since the vulnerability only affects availability and requires authenticated access to exploit, there is no direct information indicating an impact on compliance with common standards and regulations such as GDPR or HIPAA.

Disruptions in system availability could indirectly affect compliance if critical systems are unavailable, but no explicit compliance impact is stated in the provided information.
