Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
AnalysisAI
Authorization bypass in IBM Db2 12.1.0 through 12.1.4 enables authenticated low-privilege users to upload data to remote object storage paths that should be beyond their access scope by including a specially crafted query. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-accessible, requires no user interaction, and demands only a low-privilege database account, while the I:H score indicates high integrity impact - unauthorized writes to restricted storage destinations. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
IBM Db2 12.1.x includes functionality allowing database users to perform uploads to remote object storage targets (e.g., S3-compatible cloud storage endpoints) as part of data offloading or external table operations. The flaw is classified under CWE-285 (Improper Authorization), indicating the server-side authorization logic that governs which storage paths a given user is permitted to write to is not correctly enforced when the upload request contains a specially constructed query. Rather than a cryptographic or memory-safety failure, this is a logical access control defect - the authorization check is present but bypassable through query manipulation, allowing a low-privilege user to reference and write to object storage paths outside their granted scope. Affected versions per EUVD-2026-32492 span the entire Db2 12.1 release line from 12.1.0 through 12.1.4.
RemediationAI
Consult and apply the fix detailed in the IBM support advisory at https://www.ibm.com/support/pages/node/7273559. The exact patched fix pack or iFix level was not independently confirmed from the provided data - the advisory should specify the minimum required build. As compensating controls pending patch application, restrict low-privilege database user accounts from executing statements (such as LOAD, EXPORT, or equivalent external storage commands) that reference remote object storage paths by reviewing and revoking unnecessary LOAD/WRITE privileges in the Db2 security catalog; note this may impact legitimate ETL or data offloading workloads and should be scoped carefully. Additionally, applying network-level controls to limit which authenticated database accounts can reach external object storage endpoints reduces the blast radius, though this adds operational overhead for managing per-account network policies.
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32492
GHSA-fmg6-qg6h-pwx6