CVE-2026-6936— IBM i is Affected by a Denial of Service Vulnerability []
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1499 · Endpoint Denial of ServiceGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6936
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM i is Affected by a Denial of Service Vulnerability []
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的递归
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM i 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM i是美国国际商业机器(IBM)公司的一套运行在IBM Power Systems和IBM PureSystems中的操作系统。 IBM i 7.6版本、7.5版本、7.4版本和7.3版本存在安全漏洞,该漏洞源于集成语言环境编译器中存在不受控制的递归,可能导致经过身份验证的攻击者编译特制源代码造成拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-6936
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6936
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6936 (1)
Same Patch Batch · IBM · 2026-05-27 · 29 CVEs total
| CVE-2026-7524 | 9.8 CRITICAL | Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System |
| CVE-2026-8175 | 9.8 CRITICAL | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-5065 | 8.8 HIGH | IBM Controller is affected by vulnerabilities |
| CVE-2026-8179 | 8.8 HIGH | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-7365 | 8.4 HIGH | IBM Operations Analytics - Log Analysis is affected by Information disclosure due to defau |
| CVE-2026-3623 | 7.8 HIGH | Vulnerabilities exists in IBM Netezza Performance Server Replication Services |
| CVE-2026-3366 | 7.5 HIGH | InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read |
| CVE-2026-8180 | 7.5 HIGH | Multiple vulnerabilities in Aspera applications. |
| CVE-2024-56462 | 7.2 HIGH | IBM QRadar SIEM is vulnerable to using components with known vulnerabilities |
| CVE-2026-1718 | 7.1 HIGH | IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running |
| CVE-2026-7528 | 7.1 HIGH | Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure |
| CVE-2026-8405 | 6.5 MEDIUM | IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerabilit |
| CVE-2026-9035 | 6.5 MEDIUM | Multiple vulnerabilities in Aspera applications. |
| CVE-2026-6938 | 6.5 MEDIUM | IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage |
| CVE-2026-6052 | 6.5 MEDIUM | IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC t |
| CVE-2026-3676 | 6.5 MEDIUM | There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Man |
| CVE-2024-40684 | 5.9 MEDIUM | IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate |
| CVE-2026-6053 | 5.5 MEDIUM | IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with |
| CVE-2026-6051 | 5.5 MEDIUM | IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query wi |
| CVE-2026-5515 | 5.5 MEDIUM | IBM App Connect Enterprise is vulnerable to a confidential disclosure |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: IBM
- CVE-2026-9330
IBM WebSphere Application Server is affected by remote code - CVE-2026-9319
IBM WebSphere Application Server is affected by a remote cod - CVE-2026-9311
IBM WebSphere Application Server is affected by remote code - CVE-2026-8644
IBM WebSphere Application Server is affected by an identity - CVE-2026-7770
IBM i Access Client Solutions (ACS) is vulnerable to remote
Same weakness: CWE-674
- CVE-2026-8936
Unbounded recursion in grpcfuse kernel module allows contain - CVE-2026-40989
Self Routing guard bypassed via function composition - CVE-2026-44740
go-billy: Lack of depth and cycle detection in symlink resol - CVE-2026-42328
go-ipld-prime: DAG-CBOR and DAG-JSON decoders unbounded recu - CVE-2026-44844
eml_parser: Recursion DoS via nested message/rfc822 attachme
V. Comments for CVE-2026-6936
No comments yet