Description
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
Published: 2026-03-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

IBM i 7.6 may allow a remote attacker to cause a denial of service by exploiting failed authentication connections that result in improper allocation of resources. The vulnerability can interrupt service availability but does not directly compromise confidentiality or integrity.

Affected Systems

The affected product is IBM i version 7.6. The vulnerability is present in the IBM i operating system and is addressed by PTF SJ09012 (5733‑SC1) for IBM i 7.6, and by any supported IBM i version that incorporates that fix.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score under 1% suggests a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack is carried out over the network and relies only on failed authentication connections, making the attack path straightforward.

Generated by OpenCVE AI on March 19, 2026 at 15:32 UTC.

Remediation

Vendor Solution

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

IBM i Release | 5733-SC1 PTF Number(s) | PTF Download Link(s)
7.6 | SJ09012 | https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09012

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.


OpenCVE Recommended Actions

  • Apply PTF SJ09012 (5733‑SC1) for IBM i 7.6 (download from https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09012).
  • Upgrade to a supported IBM i version that includes the fix if you are running an unsupported or older version.
  • Verify that the applied patch covers all relevant components by checking the fix coverage details.
  • Monitor system health and logs for unexpected authentication failures or resource usage spikes after patching.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Wed, 18 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
Title IBM i Denial of Service
First Time appeared Ibm
Ibm i
Weaknesses CWE-770
CPEs cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-18T20:01:11.954Z

Reserved: 2026-01-23T18:15:46.717Z

Link: CVE-2026-1376

Vulnrichment

Updated: 2026-03-18T20:01:06.504Z

NVD

Status: Analyzed

Published: 2026-03-17T22:16:14.287

Modified: 2026-03-19T14:40:00.077

Link: CVE-2026-1376

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:30Z

Weaknesses