CVE-2026-4942
Received
Received - Intake
IBM i TLS Downgrade Vulnerability
Vulnerability report for CVE-2026-4942, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: IBM Corporation
Description
Description
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security (TLS) protocol to a version disabled in the server configuration.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.6 |
| ibm | i | 7.5 |
| ibm | i | 7.4 |
| ibm | i | 7.3 |
| ibm | ibm_i | to 7.4 (exc) |
| ibm | ibm_i | to 7.5 (exc) |
| ibm | ibm_i | to 7.6 (exc) |
| ibm | ibm_i | 7.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-757 | A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. |