{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7770", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2026-05-04T14:12:38.595Z", "datePublished": "2026-06-01T17:45:00.983Z", "dateUpdated": "2026-06-01T17:45:00.983Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-06-01T17:45:00.983Z"}, "title": "IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "i Access Family", "versions": [{"status": "affected", "version": "1.1.5.0", "lessThanOrEqual": "1.1.9.12", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:i_access_family:1.1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i_access_family:1.1.9.12:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7274214", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "The issue can be fixed by upgrading to version 1.1.9.13 or later.\u00a0 \u00a0See https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09731 7.5SJ09729 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09729 7.4SJ09730 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09730 7.3SJ09732 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09732", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The issue can be fixed by upgrading to version 1.1.9.13 or later.\u00a0 \u00a0See <a href=\"https://www.ibm.com/support/pages/ibm-i-access-client-solutions-5733xj1\" rel=\"nofollow\">IBM i Access Client Solutions updates</a> for the latest version available.</p><div><div><table><colgroup><col/><col/><col/></colgroup><tbody><tr><td>Product(s)</td><td>Version(s)</td><td>Remediation/Fix/Instructions\u00a0</td></tr><tr><td>IBM i Access Client Solutions</td><td>1.1.5.0 - 1.1.9.12</td><td><p>There are three ways to obtain the current version of IBM i Access Client Solutions:</p><p>1) IBM i Access Client Solutions is available at <a href=\"https://www.ibm.com/resources/mrs/assets?source=swg-ia\" rel=\"nofollow\">Downloads.</a></p><p>2) IBM i Access Client Solutions can be downloaded from the general IBM i software site at\u00a0<a href=\"https://www.ibm.com/servers/eserver/ess/landing/index.html\" rel=\"nofollow\">Entitled Systems Support (ESS)</a>.\u00a0\u00a0</p><ul><li>Available from ESS starting May 29, 2026.\u00a0</li></ul><p>3) IBM i Access Client Solutions is available by applying a PTF to IBM i.\u00a0 \u00a0</p><div><div><table><colgroup><col/><col/><col/></colgroup><tbody><tr><td>IBM i Release</td><td>5770-SS1<br/>PTF Number(s)</td><td>PTF Download Link(s)</td></tr><tr><td>7.6</td><td>SJ09731</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09731\" rel=\"nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09731</a></td></tr><tr><td>7.5</td><td>SJ09729</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09729\" rel=\"nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09729</a></td></tr><tr><td>7.4</td><td>SJ09730</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09730\" rel=\"nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09730</a></td></tr><tr><td>7.3</td><td>SJ09732</td><td><a href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09732\" rel=\"nofollow\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ09732</a></td></tr></tbody></table></div></div><p></p></td></tr></tbody></table></div></div><p></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator."}], "id": "CVE-2026-7770", "lastModified": "2026-06-01T19:16:54.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-06-01T19:16:54.773", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7274214"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"created": "2026-06-01T20:45:25.621071+00:00", "updated": "2026-06-01T20:45:25.621089+00:00", "vendors": []}