Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Pre-auth DRDA handshake is network-reachable with no credentials or interaction (AV:N/AC:L/PR:N/UI:N), and code injection yields full host compromise (C/I/A:H).
Primary rating from Vendor (us).
CVSS Vector (Vendor: us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 are vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.
Analysis (AI)
Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary code by abusing improper handling of the pre-authentication DRDA handshake. Because the flaw is reachable before any login, any client able to reach the database listener can trigger it, and the CVSS 3.1 base score of 9.8 reflects full compromise of confidentiality, integrity, and availability. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires only network reachability to the IBM Db2 DRDA listener (typically TCP 50000/50001); the flawed code path is in the pre-authentication handshake, so no credentials, user interaction, or special client privileges are needed against affected versions (11.5.0-11.5.9, 12.1.0-12.1.4). … |
| Risk Assessment | All available severity signals point the same direction: the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H describes network-reachable, low-complexity, unauthenticated, no-interaction exploitation with full triple-impact, yielding a 9.8 critical score, and the RCE/Code Injection tags reinforce that the technical impact is total. … |
| Exploit Scenario | An attacker who can reach a Db2 instance's DRDA listener sends a specially crafted, malformed handshake packet before authenticating, triggering the code-injection flaw and executing arbitrary commands in the context of the Db2 server process. From there the attacker can read or tamper with all database contents and pivot into the surrounding environment. … |
| Remediation | Apply the fixed Db2 level published in IBM's bulletin at https://www.ibm.com/support/pages/node/7277424 as the primary remediation. The input data does not state an exact patched fix pack version, so treat the specific target level as "patch available per vendor advisory" and confirm it from that page before scheduling the upgrade. … |
Db2 contains a vulnerability that allows attackers to a local user with filesystem access to escalate their privileges d
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execu
Db2 versions up to 12.1.3 is affected by improper restriction of xml external entity reference (CVSS 7.1).
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific con
Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or han
IBM Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.4 expose sensitive information through internal monitoring and event tabl
Db2 contains a vulnerability that allows attackers to an authenticated user to cause a denial of service due to improper
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could
Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of specia
Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of specia
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by exe
Same weakness CWE-94 – Code Injection
EUVD-2026-40406
GHSA-fq2g-wj3x-6hc2