Security Bulletin: IBM® Db2® is vulnerable to a denial of service when running multiple concurrent queries with specific spatial table functions (CVE-2025-13867)

Summary IBM® Db2® is vulnerable to a denial of service when running multiple concurrent queries with specific spatial table functions CVE-2025-13867 Vulnerability Details CVEID:CVE-2025-13867 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and...

CVE-2026-6051

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

CVE-2026-1352

This entry describes CVE-2026-1352 affecting IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server). Affected versions are Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (client and server). The issue allows an authenticated user to cause a Denial of Service due to improper neutralization of special ...

CVE-2026-1352 IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries. Vulnerability Details CVEID:CVE-2026-1577 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of servic...

Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)

Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denia...

XML External Entity Injection Vulnerability in IBM Db2

IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

CVE-2025-36247

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.(CVE-2025-36407)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36407 DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14675)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14666)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure under specific HADR configuration (CVE-2025-36425)

Summary IBM® Db2® could allow an authenticated user to obtain sensitive information under specific HADR configuration. Vulnerability Details CVEID:CVE-2025-36425 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to obtain sensitive...

Linux Distros Unpatched Vulnerability : CVE-2025-36423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper...

Linux Distros Unpatched Vulnerability : CVE-2025-36407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. CVE-2025-36407 Note that Nessus relies on the...

CVE-2025-36366

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination...

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

CVE-2025-36424

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2025-36407

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

CVE-2025-36424

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic...