CVE-2026-7770— IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | i Access Family | 1.1.5.0≤ 1.1.9.12 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7770
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | i Access Family | 1.1.5.0 ~ 1.1.9.12 | cpe:2.3:a:ibm:i_access_family:1.1.5.0:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-7770
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7770
请登录查看更多情报信息。
Other References for CVE-2026-7770 (1)
Same Patch Batch · IBM · 2026-06-01 · 5 CVEs total
| CVE-2026-8644 | 9.1 CRITICAL | IBM WebSphere Application Server is affected by an identity spoofing vulnerability |
| CVE-2026-9319 | 9.0 CRITICAL | IBM WebSphere Application Server is affected by a remote code execution vulnerability |
| CVE-2026-9311 | 9.0 CRITICAL | IBM WebSphere Application Server is affected by remote code execution |
| CVE-2026-9330 | 8.5 HIGH | IBM WebSphere Application Server is affected by remote code execution |
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-9330
IBM WebSphere Application Server is affected by remote code - CVE-2026-9319
IBM WebSphere Application Server is affected by a remote cod - CVE-2026-9311
IBM WebSphere Application Server is affected by remote code - CVE-2026-8644
IBM WebSphere Application Server is affected by an identity - CVE-2026-1248
IBM Business Automation Workflow information leak
Same weakness: CWE-74
- CVE-2026-8993
Improper URL Handler Processing in D.Launcher 2 enables NTLM - CVE-2026-10223
NousResearch hermes-agent memory_tool.py _scan_memory_conten - CVE-2026-10222
NousResearch hermes-agent config.py _sanitize_env_lines inje - CVE-2026-10221
NousResearch hermes-agent run_agent.py _compress_context inj - CVE-2026-10220
NousResearch hermes-agent skills_tool.py skill_view injectio
V. Comments for CVE-2026-7770
No comments yet