Description
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
Published: 2026-06-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a user to gain administrator privileges through an unqualified library call. A malicious actor could cause user‑controlled code to execute with administrator rights. The primary impact is that the attacker can obtain elevated privileges, enabling them to control the system.

Affected Systems

Affected systems are IBM i releases 7.3, 7.4, 7.5, and 7.6. IBM has released program temporary fixes (PTFs) for product 5770‑SS1 on each release: 7.6 (SJ09689, SJ09666, SJ10017, SJ09859), 7.5 (SJ09688, SJ09665, SJ09699, SJ10015, SJ09855), 7.4 (SJ09690, SJ09664, SJ09701, SJ10028, SJ09851), and 7.3 (SJ09691, SJ09663, SJ10018, SJ09837). The vendor recommends that users running unsupported versions upgrade to a supported and fixed version.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local user capable of influencing library resolution to launch malicious code; this inference is drawn from the mention that user‑controlled code can run with administrator privilege. Successful exploitation would grant the attacker systemwide administrative privileges.

Generated by OpenCVE AI on June 11, 2026 at 21:28 UTC.

Remediation

Vendor Solution

IBM i Release / 5770-SS1 PTF Number(s) / PTF Download Link(s)

7.6: SJ09689, SJ09666, SJ10017, SJ09859
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09689
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09666
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10017
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09859

7.5: SJ09688, SJ09665, SJ09699, SJ10015, SJ09855
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09688
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09665
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09699
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10015
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09855

7.4: SJ09690, SJ09664, SJ09701, SJ10028, SJ09851
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09690
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09664
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09701
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10028
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09851

7.3: SJ09691, SJ09663, SJ10018, SJ09837
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09691
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09663
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ10018
  https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09837

IBM recommends users running unsupported versions of affected products upgrade to a supported and fixed version of affected products.


OpenCVE Recommended Actions

  • Apply the 5770‑SS1 PTFs that correspond to your IBM i release (SJ09689, SJ09666, SJ10017, SJ09859 on 7.6; SJ09688, SJ09665, SJ09699, SJ10015, SJ09855 on 7.5; SJ09690, SJ09664, SJ09701, SJ10028, SJ09851 on 7.4; SJ09691, SJ09663, SJ10018, SJ09837 on 7.3).
  • If the patch cannot be applied immediately, enforce full qualification of library references on the system to prevent unqualified library calls from being resolved to attacker‑controlled code.
  • Limit user permissions for creating or modifying libraries that appear early in library lists and monitor for unauthorized changes to reduce the risk that an attacker can introduce malicious code.

Generated by OpenCVE AI on June 11, 2026 at 21:28 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Thu, 11 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Description IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
Title IBM i is Affected by Privilege Escalation []
First Time appeared Ibm
Ibm i
Weaknesses CWE-427
CPEs cpe:2.3:a:ibm:i:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-12T03:55:35.193Z

Reserved: 2026-05-05T14:09:09.453Z

Link: CVE-2026-7870

Vulnrichment

Updated: 2026-06-11T15:30:37.662Z

NVD

Status: Analyzed

Published: 2026-06-11T16:16:25.220

Modified: 2026-06-16T15:00:29.613

Link: CVE-2026-7870

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T21:30:05Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element