
IBM Db2 · EUVD-2026-40406
CVE-2026-10109 · CRITICAL
Code Injection (CWE-94)
2026-06-30 · psirt@us.ibm.com · GHSA-fq2g-wj3x-6hc2
CVSS 3.1 base score 9.8 · Vendor: us

Severity by source

Vendor (us) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Pre-auth DRDA handshake is network-reachable with no credentials or interaction (AV:N/AC:L/PR:N/UI:N), and code injection yields full host compromise (C/I/A:H).

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (us).

CVSS Vector (Vendor: us)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

CVE Published: Jun 30, 2026, 20:35 (cve.org) · CRITICAL 9.8
Analysis Generated: Jun 30, 2026, 20:31 (vuln.today)

Description (CVE.org)

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4, are vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

Analysis (AI)

Remote code execution in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 lets unauthenticated network attackers run arbitrary code by abusing improper handling of the pre-authentication DRDA handshake. Because the flaw is reachable before any login, any client able to reach the database listener can trigger it, and the CVSS 3.1 base score of 9.8 reflects full compromise of confidentiality, integrity, and availability. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: reach the Db2 DRDA listener (TCP 50000)
  • Delivery: send a crafted pre-auth handshake
  • Exploit: trigger code injection in the handshake parser
  • Execution: execute arbitrary code as the Db2 process
  • Impact: access database contents and pivot internally

Vulnerability Assessment (AI)

Exploitation: Exploitation requires only network reachability to the IBM Db2 DRDA listener (typically TCP 50000/50001). The flawed code path is in the pre-authentication handshake, so no credentials, user interaction, or special client privileges are needed against affected versions (11.5.0-11.5.9, 12.1.0-12.1.4). …

Risk Assessment: All available severity signals point in the same direction. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H describes network-reachable, low-complexity, unauthenticated, no-interaction exploitation with full impact on confidentiality, integrity, and availability, yielding a 9.8 critical score, and the RCE/Code Injection tags reinforce that the technical impact is total. …

Exploit Scenario: An attacker who can reach a Db2 instance's DRDA listener sends a specially crafted, malformed handshake packet before authenticating, triggering the code-injection flaw and executing arbitrary commands in the context of the Db2 server process. From there the attacker can read or tamper with all database contents and pivot into the surrounding environment. …

Remediation: Apply the fixed Db2 level published in IBM's bulletin at https://www.ibm.com/support/pages/node/7277424 as the primary remediation. The input data does not state an exact patched fixpack version, so treat the target level as "patch available per vendor advisory" and confirm the exact fixpack from that page before scheduling the upgrade. …
