Primary

Context

IBM i Access Family Remote Code Execution Vulnerability via IBM i Navigator

Vulnerability

Patched

A remote code execution vulnerability exists in the IBM i Access Client Solutions (ACS) within the IBM i Access Family, specifically in versions 1.1.5.0 through 1.1.9.12. The vulnerability arises when ACS is configured to accept requests from IBM i Navigator.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can upgrade to version 1.1.9.13 or later to address this vulnerability. The latest version of IBM i Access Client Solutions can be downloaded from the IBM i software site via Entitled Systems Support (ESS), or by applying a PTF to IBM i. For IBM i releases 7.6, 7.5, 7.4, and 7.3, specific PTF numbers and download links are available.

Added: Jun 1, 2026, 7:56 PM

Updated: Jun 1, 2026, 7:56 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM i Access Family Remote Code Execution Vulnerability via IBM i Navigator

Vulnerability

Impact

Remediation

Affected Products

IBM i Access Family

IBM i Access Client Solutions

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating