Cyber Posture

CVE-2026-1376

Severity: High

Published: 17 March 2026
Modified: 19 March 2026
KEV Added: not listed
Patch: see IBM advisory (below)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0007 (21.7th percentile)
Risk Priority: 15 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1376 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in IBM i 7.6. Its CVSS v3.1 base score is 7.5 (High): network-reachable, low attack complexity, no privileges or user interaction required, with the impact confined to availability.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 21.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SC-5 (Denial-of-service Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Application or System Exploitation (T1499.004). What defenders deploy: the NIST 800-53 controls listed below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-7 Unsuccessful Logon Attempts (prevent): enforces a limit on consecutive invalid logon attempts. This bounds how many failed authentications a single account will accept, but lockout is keyed to the account rather than the connection; on its own it does not cap the connection-level resources an unauthenticated remote attacker can tie up, which is why it is paired with SC-5 and SC-6 here.

SC-5 Denial-of-service Protection (prevent): protects against denial-of-service events, including resource exhaustion caused by unthrottled failed authentication connections; rate limiting and connection throttling at the service or the network edge are the usual implementations.

SC-6 Resource Availability (prevent): allocates and caps resources per user, connection or process so that availability is preserved, limiting what a failed authentication connection can consume.
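The following Python model, added here as an illustration and not code from IBM or from the original page, shows the CWE-770 pattern the controls above target: an authentication front end that allocates a per-connection buffer before the client has proven anything, never bounds how many such buffers one source or all sources may hold, and keeps the buffer after a failed logon until the client closes. The hardened configuration adds the SC-6 style caps (per source and global), an SC-5 style per-source rate limit on failed attempts, and releases the buffer as soon as a logon fails. The buffer size, limits, addresses and attempt counts are all constructed assumptions; nothing here describes the IBM i implementation.

```python
"""Constructed model of CWE-770 in an authentication front end.

Vulnerable: every connection gets a session buffer with no per-source or
global cap, and a failed logon does not release it.  Hardened: cap pending
unauthenticated connections (SC-6), rate-limit failed logons per source
(SC-5), and release the buffer on failure.  All numbers are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional

SESSION_BYTES = 64 * 1024  # assumed per-connection buffer size


@dataclass
class Limits:
    """None means unlimited, i.e. the CWE-770 condition."""
    max_pending_per_source: Optional[int] = None
    max_pending_total: Optional[int] = None
    max_fails_per_window: Optional[int] = None
    fail_window_ms: int = 60_000
    release_on_failure: bool = False


@dataclass
class AuthFrontEnd:
    limits: Limits
    now_ms: int = 0
    pending: dict = field(default_factory=lambda: defaultdict(int))
    fail_times: dict = field(default_factory=lambda: defaultdict(deque))
    allocated_bytes: int = 0
    peak_bytes: int = 0
    rejected: int = 0

    def _recent_fails(self, src: str) -> int:
        """Count failed logons from src inside the sliding window."""
        q = self.fail_times[src]
        cutoff = self.now_ms - self.limits.fail_window_ms
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def connect(self, src: str) -> bool:
        """Accept an unauthenticated connection and allocate its buffer.
        Returns False, without allocating anything, when a limit applies."""
        lim = self.limits
        if lim.max_fails_per_window is not None and self._recent_fails(src) >= lim.max_fails_per_window:
            self.rejected += 1
            return False
        if lim.max_pending_per_source is not None and self.pending[src] >= lim.max_pending_per_source:
            self.rejected += 1
            return False
        if lim.max_pending_total is not None and sum(self.pending.values()) >= lim.max_pending_total:
            self.rejected += 1
            return False
        self.pending[src] += 1
        self.allocated_bytes += SESSION_BYTES
        self.peak_bytes = max(self.peak_bytes, self.allocated_bytes)
        return True

    def fail_auth(self, src: str) -> None:
        """Record a failed logon on an open connection from src."""
        self.fail_times[src].append(self.now_ms)
        if self.limits.release_on_failure:
            self.close(src)

    def close(self, src: str) -> None:
        if self.pending[src] > 0:
            self.pending[src] -= 1
            self.allocated_bytes -= SESSION_BYTES


def simulate_failed_logons(limits: Limits, src: str, attempts: int, dt_ms: int = 10) -> dict:
    """One source opens a connection every dt_ms, fails to log on, never closes."""
    fe = AuthFrontEnd(limits)
    for i in range(1, attempts + 1):
        fe.now_ms = i * dt_ms
        if fe.connect(src):
            fe.fail_auth(src)
    return {"peak_bytes": fe.peak_bytes, "held_bytes": fe.allocated_bytes, "rejected": fe.rejected}


def simulate_half_open(limits: Limits, sources: list, per_source: int) -> dict:
    """Many sources each open connections and simply leave them unauthenticated."""
    fe = AuthFrontEnd(limits)
    for src in sources:
        for _ in range(per_source):
            fe.connect(src)
    return {"held_bytes": fe.allocated_bytes, "rejected": fe.rejected}


VULNERABLE = Limits()  # no caps, no throttle, no release: CWE-770
HARDENED = Limits(max_pending_per_source=10, max_pending_total=1_000,
                  max_fails_per_window=20, fail_window_ms=60_000,
                  release_on_failure=True)

if __name__ == "__main__":
    flood_sources = [f"203.0.113.{i}" for i in range(200)]  # constructed
    for name, lim in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, simulate_failed_logons(lim, "198.51.100.7", 10_000))
        print(name, simulate_half_open(lim, flood_sources, 50))
```

With the vulnerable limits, 10,000 failed logons from one address leave 10,000 buffers held; with the hardened limits the same flood is accepted 20 times per minute, each buffer is released on failure, and the remaining connections are refused before any allocation. The half-open run shows why the global cap matters in addition to the per-source one: an attacker spread across many addresses stays under any per-source limit, and only the total cap bounds the server's exposure. Throttling by source address is itself an assumption; behind a shared NAT or proxy it can lock out legitimate users, so the per-source key and thresholds need tuning to the deployment.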

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A remote, unauthenticated attacker reaches an exposed authentication endpoint (T1190) and drives repeated failed authentication connections against it; because the service allocates resources for those connections without limit or throttling (CWE-770), the result is resource exhaustion that denies the service to legitimate users (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

Deeper analysis

CVE-2026-1376 is a vulnerability in IBM i 7.6 that could allow a remote attacker to cause a denial of service condition through failed authentication connections stemming from improper allocation of resources. This issue, published on 2026-03-17, is linked to CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

The vulnerability can be exploited by any unauthenticated remote attacker with network access to the affected authentication service. Attack complexity is low and no user interaction is needed: the attacker repeatedly opens connections that fail authentication, each of which consumes resources the service does not reclaim or limit, until availability is lost. Confidentiality and integrity are not affected. Because the CVSS vector assumes network reachability, operators should confirm whether the affected service is actually exposed to untrusted networks when prioritising this issue.

IBM has issued a security advisory providing details on the vulnerability and mitigation at https://www.ibm.com/support/pages/node/7266422.

Details

CWE(s)

CWE-770 Allocation of Resources Without Limits or Throttling

Affected Products

IBM i 7.6

CVEs Like This One

CVE-2026-2311 (same product: IBM i)
CVE-2024-55898 (same product: IBM i)
CVE-2025-36070 (same vendor: IBM)
CVE-2024-45662 (same vendor: IBM)
CVE-2025-3356 (same vendor: IBM)
CVE-2025-12531 (same vendor: IBM)
CVE-2026-20103 (shared CWE-770)
CVE-2024-49352 (same vendor: IBM)
CVE-2023-49886 (same vendor: IBM)
CVE-2026-1343 (same vendor: IBM)

References

IBM Security Bulletin: https://www.ibm.com/support/pages/node/7266422