HIGH | CVE-2026-7770 | CNA: ibm

CVE-2026-7770: IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

Remote code execution vulnerability in IBM i Access Client Solutions (ACS), affecting versions 1.1.5.0 through 1.1.9.12. The flaw is reachable over the network by any authenticated low-privilege user, with no victim interaction required, when ACS is configured to listen for requests from IBM i Navigator. Successful exploitation gives an attacker full control over confidentiality, integrity, and availability of the affected system. HarborGuard is tracking the IBM advisory and will make a patched-image rebuild available as soon as IBM publishes a fix version.

HarborGuard Coverage

Detection: Available

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including IBM's advisory channel, within minutes of publication and matched against all customer images, including custom-built images that bundle IBM i Access Client Solutions. No manual feed configuration is required to gain coverage.

Triage: Available

HarborGuard surfaces this CVE with its CVSS v3.1 score of 8.8 (HIGH) and weights it against each environment's compliance policy, so teams with stricter controls see it prioritized accordingly. Triage findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy rules.

Patch: Pending upstream

No fix version has been published by IBM for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available at the fixed version the moment IBM ships one. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Required

    The vulnerable service must be reachable over the network; an attacker sends malicious requests to ACS while it is listening for IBM i Navigator connections.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient; no administrative or elevated credentials are needed to trigger the vulnerability.

  • Victim interaction: Not required

    No user action or social engineering is needed; the attacker exploits the listening service directly without any interaction from a victim.

  • Attack complexity: Detail

    The exploit is reliable and condition-free, requiring no race conditions, specific memory layout, or other environmental factors beyond network access and credentials.

Blast Radius

  • A successful attacker executes arbitrary code in the context of the ACS process, gaining a foothold on the host running IBM i Access Client Solutions.
  • All data accessible to the ACS process, including stored credentials, configuration files, and session data, is readable by the attacker.
  • The attacker can modify or delete files, configuration, and persisted data accessible to the ACS process.
  • The attacker can crash or permanently disrupt the ACS service and any dependent IBM i Navigator workflows relying on it.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively monitored against all images in customer registries and CI pipelines that include IBM i Access Family packages in the affected version range (1.1.5.0 through 1.1.9.12).

Because IBM has not yet published a fix version, no patched-image rebuild is available at this time. HarborGuard re-evaluates the upstream advisory on every ingest cycle and will generate a patched rebuild automatically the moment a fix version is released; for customers with auto-remediation enabled, that rebuild will be followed by a regression test run and a PR opened against affected workloads, with a typical median time from fix publication to merged PR of around 90 minutes for HIGH-severity issues.

In the interim, customers can apply compensating controls:

  • Restrict network access to the ACS listening port via Kubernetes NetworkPolicy or host-based firewall rules.
  • Limit which hosts and accounts can reach the IBM i Navigator interface.
  • Where operationally feasible, disable the IBM i Navigator listener configuration until a patch is available.

Affected packages
  • IBM / i Access Family
    ≤ 1.1.9.12
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H