
IBM Db2 CVE-2026-11906

EUVD: EUVD-2026-40393 · Severity: MEDIUM
Weakness: Improper Validation of Specified Quantity in Input (CWE-1284)
Published: 2026-06-30 · CNA: psirt@us.ibm.com (IBM PSIRT) · GHSA-v7fg-h2r7-7537
CVSS 3.1 base score: 6.5 (vendor rating)

Severity by source

Source                  Score         Vector
Vendor (IBM), PRIMARY   6.5 MEDIUM    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI           6.5 MEDIUM    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                                      CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

vuln.today AI rationale: the network-reachable database query path requires only low-privilege credentials (PR:L); the impact is pure availability loss, with no confidentiality or integrity exposure.

The primary rating is the vendor's (IBM).

CVSS Vector (vendor: IBM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

CVE Published: Jun 30, 2026, 20:17 (nvd), rated MEDIUM 6.5
Analysis Generated: Jun 30, 2026, 20:37 (vuln.today)

Description (CVE.org)

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.

Analysis (AI-generated)

Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or hang the database server by submitting a crafted SQL query exploiting improper neutralization of special elements in XMLTable-derived column processing logic. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is remotely triggerable with minimal privileges, posing a realistic insider-threat or compromised-credential availability risk. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata; no exploit details are public on this page.

Access: obtain valid low-privilege Db2 credentials
Delivery: connect to the Db2 listener over the network
Exploit: craft an SQL query invoking XMLTable with malformed derived-column special elements
Execution: submit the query to trigger the improper neutralization in the XML query engine
Effect: Db2 service crash or resource exhaustion
Impact: database unavailable to all dependent users and applications

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires a valid IBM Db2 database session with at least low-level authenticated access (sufficient to submit SQL queries), targeting an instance running Db2 11.5.0-11.5.9 or 12.1.0-12.1.4 on Linux, UNIX, or Windows. …

Risk Assessment: The CVSS 6.5 Medium score with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H characterizes the real-world risk well: the attack is network-reachable and low-complexity, but requires valid database credentials (PR:L), which is a meaningful barrier against unauthenticated opportunistic attacks. That barrier is only as strong as the credential hygiene of every account allowed to submit SQL, application service accounts included, which is why the analysis above frames this as an insider-threat or compromised-credential risk. …

Exploit Scenario: An attacker with a valid low-privilege Db2 database account connects to the instance over the network and executes a crafted SQL statement invoking XMLTable with specially constructed derived-column expressions containing malformed special elements. The Db2 XML query engine fails to properly neutralize the input, triggering a fatal condition that crashes the database service or exhausts critical resources, causing a denial of service for all concurrent users and applications. …

Remediation: Consult IBM advisory 7277423 (https://www.ibm.com/support/pages/node/7277423) for the applicable fix pack or iFix addressing CVE-2026-11906. Exact patched version numbers were not independently confirmed from the reference data available, so the advisory is the authoritative source. …
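A first triage step is to sort an estate of Db2 instances by whether their build falls inside the version ranges the CVE names. The classifier below is an added example, not IBM's or vuln.today's code. Its assumptions are not taken from this page: the input is the "DB2 vV.R.M.F" token that `db2level` prints (for example "DB2 v11.5.9.0") or the SERVICE_LEVEL value from SYSIBMADM.ENV_INST_INFO, and the CVE's "11.5.0 through 11.5.9" and "12.1.0 through 12.1.4" are inclusive Version.Release.Modification ranges. The sample lines in the block are constructed, not real db2level output.

```python
"""Classify a Db2 build against the version ranges named in CVE-2026-11906.

Added example; not IBM's or vuln.today's code. Assumption (not from the
page): input is a db2level-style "DB2 vV.R.M.F" token or a bare version
string, and the CVE ranges are inclusive on Version.Release.Modification.
A build inside a range is inside the range the CVE names; that is not proof
the fix pack or iFix from IBM advisory 7277423 is missing, since fixes can
ship as special builds at the same V.R.M level.
"""
import re

# Inclusive (Version, Release, Modification) ranges from the CVE description.
AFFECTED_VRM_RANGES = (
    ((11, 5, 0), (11, 5, 9)),
    ((12, 1, 0), (12, 1, 4)),
)

# Matches "11.5.9.0" or "v11.5.9" inside a db2level line or on its own.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_db2_version(text):
    """Return (V, R, M, F) from a db2level line or bare version string.
    The fix-pack digit F defaults to 0 when absent ("v11.5.9" -> (11, 5, 9, 0))."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no Db2 version found in %r" % text)
    v, r, m, f = match.groups()
    return (int(v), int(r), int(m), int(f) if f is not None else 0)


def in_affected_range(text):
    """True if the build's V.R.M falls inside a range the CVE names.
    Tuple comparison keeps 11.5.10 correctly above 11.5.9."""
    vrm = parse_db2_version(text)[:3]
    return any(low <= vrm <= high for low, high in AFFECTED_VRM_RANGES)


def classify(text):
    """Human-readable triage verdict for one Db2 instance."""
    version = ".".join(str(part) for part in parse_db2_version(text))
    if in_affected_range(text):
        return ("%s: inside the CVE-2026-11906 version range; confirm the "
                "installed fix pack or iFix against IBM advisory 7277423"
                % version)
    return "%s: outside the CVE-2026-11906 version range" % version


if __name__ == "__main__":
    # Constructed sample lines in the shape db2level prints; not real output.
    samples = [
        'Informational tokens are "DB2 v11.5.9.0", "s0000000001"',
        'Informational tokens are "DB2 v12.1.4.0", "s0000000002"',
        'Informational tokens are "DB2 v12.1.5.0", "s0000000003"',
        'Informational tokens are "DB2 v11.1.4.7", "s0000000004"',
    ]
    for line in samples:
        print(classify(line))
```

Feed it the db2level output (or the SERVICE_LEVEL column) collected from each instance; anything reported as inside the range goes to the advisory for the definitive fix-pack check, and anything outside can be deprioritised for this CVE.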


More in Db2

CVE-2026-10109 (CRITICAL 9.8, Jun 30): Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary co…
CVE-2025-36384 (HIGH 8.4, Jan 30): Db2 contains a vulnerability that allows a local user with filesystem access to escalate their privileges d…
CVE-2025-36184 (HIGH 7.2, Jan 30): IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execu…
CVE-2025-36247 (HIGH 7.1, Feb 17): Db2 versions up to 12.1.3 are affected by improper restriction of XML external entity reference (CVSS 7.1).
CVE-2025-36365 (MEDIUM 6.8, Jan 30): IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific con…
CVE-2025-36372 (MEDIUM 6.5, Jun 30): IBM Db2 versions 11.5.0-11.5.9 and 12.1.0-12.1.4 expose sensitive information through internal monitoring and event tabl…
CVE-2025-14689 (MEDIUM 6.5, Feb 17): Db2 contains a vulnerability that allows an authenticated user to cause a denial of service due to improper…
CVE-2025-13867 (MEDIUM 6.5, Feb 17): IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could…
CVE-2025-36427 (MEDIUM 6.5, Jan 30): Db2 contains a vulnerability that allows attackers to cause a denial of service due to insufficient validation of specia…
CVE-2025-36424 (MEDIUM 6.5, Jan 30): Db2 contains a vulnerability that allows attackers to cause a denial of service due to improper neutralization of specia…
CVE-2025-36442 (MEDIUM 6.5, Jan 30): IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a…
CVE-2025-36366 (MEDIUM 6.5, Jan 30): IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by exe…


CVE-2026-11906 vulnerability details – vuln.today
