Skip to main content

IBM Db2 EUVDEUVD-2026-32492

| CVE-2026-6938 MEDIUM
Improper Authorization (CWE-285)
2026-05-27 psirt@us.ibm.com GHSA-fmg6-qg6h-pwx6
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 21:19 vuln.today

DescriptionCVE.org

IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.

AnalysisAI

Authorization bypass in IBM Db2 12.1.0 through 12.1.4 enables authenticated low-privilege users to upload data to remote object storage paths that should be beyond their access scope by including a specially crafted query. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-accessible, requires no user interaction, and demands only a low-privilege database account, while the I:H score indicates high integrity impact - unauthorized writes to restricted storage destinations. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

IBM Db2 12.1.x includes functionality allowing database users to perform uploads to remote object storage targets (e.g., S3-compatible cloud storage endpoints) as part of data offloading or external table operations. The flaw is classified under CWE-285 (Improper Authorization), indicating the server-side authorization logic that governs which storage paths a given user is permitted to write to is not correctly enforced when the upload request contains a specially constructed query. Rather than a cryptographic or memory-safety failure, this is a logical access control defect - the authorization check is present but bypassable through query manipulation, allowing a low-privilege user to reference and write to object storage paths outside their granted scope. Affected versions per EUVD-2026-32492 span the entire Db2 12.1 release line from 12.1.0 through 12.1.4.

RemediationAI

Consult and apply the fix detailed in the IBM support advisory at https://www.ibm.com/support/pages/node/7273559. The exact patched fix pack or iFix level was not independently confirmed from the provided data - the advisory should specify the minimum required build. As compensating controls pending patch application, restrict low-privilege database user accounts from executing statements (such as LOAD, EXPORT, or equivalent external storage commands) that reference remote object storage paths by reviewing and revoking unnecessary LOAD/WRITE privileges in the Db2 security catalog; note this may impact legitimate ETL or data offloading workloads and should be scoped carefully. Additionally, applying network-level controls to limit which authenticated database accounts can reach external object storage endpoints reduces the blast radius, though this adds operational overhead for managing per-account network policies.

Share

EUVD-2026-32492 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy