AN active exploit has been detected for CVE-2026-10109, a critical remote code execution vulnerability in IBM Db2 affecting versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4. The flaw allows unprivileged remote attackers to execute arbitrary code through a mishandled DRDA connection handshake, with a CVSS score of 9.8. As of now, there is no confirmed exploitation reported; however, IBM recommends applying special builds to mitigate the risk and restricting network access to the Db2 listener. In addition, two other vulnerabilities have been patched in Db2, one involving potential data leakage and another that could crash the server.
IBM Db2 hits critical flaw CVE-2026-10109, urgent patch advised
CyberSIXT Evidence Panel
Article by CyberSIXT