Security Advisories

IBM i Security Advisories

IBM i and IBM Power security bulletins, tracked by product and component. Every entry links directly to the IBM source bulletin. Match exact installed levels before assuming exposure.

IBM Power System update for a service processor vulnerability

CVE-2026-22796

Risk: Malicious digitally signed file, Service processor impact

Action: Determine affected firmware levels and install IBM's released update.

IBM Security Bulletin

IBM i and Java: multiple IBM Java SDK and Runtime vulnerabilities

CVE-2026-22016 CVE-2026-22021 CVE-2026-22013 CVE-2026-22018 CVE-2026-34268 CVE-2026-22007

Risk: Multiple Java runtime vulnerabilities

Action: Determine installed Java versions and apply IBM's release-specific PTFs.

IBM Security Bulletin

IBM i and OpenSSH: multiple vulnerabilities

CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388

Risk: Permission handling, Command execution, Algorithm selection, Connection multiplexing

Action: Match installed OpenSSH levels against IBM's affected-product table and apply the prescribed PTFs.

IBM Security Bulletin

IBM i and WebSphere Liberty: denial of service, HTTP request smuggling, and remote code execution

CVE-2026-10852 CVE-2026-8858 CVE-2026-9072 CVE-2026-8633 CVE-2026-8620

Risk: Denial of service, Remote code execution, HTTP request smuggling

Action: Identify affected installed WebSphere Liberty versions and apply IBM's listed fix or mitigation.

IBM Security Bulletin