securityonline.info 7/2/2026, 4:42:08 AM · external

IBM Db2 hits critical flaw CVE-2026-10109, urgent patch advised

CyberSIXT Evidence Panel
Primary Source: ibm.com
CVE Intel
CISA KEV: Not in KEV
Patch: Patch Available

An active exploit has been detected for CVE-2026-10109, a critical remote code execution vulnerability in IBM Db2 affecting versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4. The flaw, which carries a CVSS score of 9.8, allows unprivileged remote attackers to execute arbitrary code through a mishandled DRDA connection handshake. As of now, no confirmed exploitation has been reported; however, IBM recommends applying special builds to mitigate the risk and restricting network access to the Db2 listener. In addition, two other vulnerabilities have been patched in Db2: one involving potential data leakage and another that could crash the server.

Article by CyberSIXT