Cyber Posture

CVE-2026-2311

Medium

Published: 30 April 2026

Published
30 April 2026
Modified
01 May 2026
KEV Added
Patch
CVSS Score 6.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0004 12.0th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2311 is a medium-severity Improper Access Control (CWE-284) vulnerability in Ibm I. Its CVSS base score is 6.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to system resources, directly mitigating the invalid authorization check in the IBM i Web Administration GUI that enables privilege escalation.

SI-2 Flaw Remediation good match
prevent

Requires identification, reporting, and correction of system flaws like this authorization vulnerability, aligning with IBM's recommended patches to prevent exploitation.

AC-6 Least Privilege partial match
prevent

Employs least privilege to restrict high-privilege users (PR:H required for exploitation), limiting the potential for escalation to administrator privileges in the Web GUI.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct match to exploitation of improper authorization for privilege escalation to admin code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege.

Deeper analysisAI

CVE-2026-2311 is a privilege escalation vulnerability in IBM i versions 7.6, 7.5, 7.4, 7.3, and 7.2, stemming from an invalid authorization check in the IBM i Web Administration GUI. This flaw, associated with CWE-284 (Improper Access Control), allows a malicious actor to execute user-controlled code with administrator privileges. The vulnerability was published on 2026-04-30 with a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H).

Exploitation requires an attacker with high privileges (PR:H) on the target system, network access (AV:N), high attack complexity (AC:H), and user interaction (UI:R), such as a victim clicking a malicious link or element in the Web Administration GUI. Successful exploitation grants high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), enabling the attacker to escalate privileges and run arbitrary code as an administrator without changing the scope (S:U).

IBM's security advisory at https://www.ibm.com/support/pages/node/7269560 provides details on mitigation, including recommended patches for affected IBM i releases.

Details

CWE(s)
CWE-284

Affected Products

ibm
i
7.2, 7.3, 7.4, 7.5, 7.6

CVEs Like This One

CVE-2024-55898Same product: Ibm I
CVE-2026-1376Same product: Ibm I
CVE-2026-0977Same vendor: Ibm
CVE-2025-14604Same vendor: Ibm
CVE-2024-49814Same vendor: Ibm
CVE-2025-36184Same vendor: Ibm
CVE-2025-54914Shared CWE-284
CVE-2025-21359Shared CWE-284
CVE-2025-24042Shared CWE-284
CVE-2025-0161Same vendor: Ibm

References